meta: move inventory structure to be more usable

Fix #2720.

CHANGELOG.md

@@ -1,187 +1,3 @@
-# 2024-08-17
-
-## New appservice-double-puppet service for better double-puppeting
-
-Mautrix bridges are undergoing large changes as announced in the [August 2024 releases & progress](https://mau.fi/blog/2024-08-mautrix-release/) blog post.
-
-The playbook has already upgraded to the rewritten mautrix-slack ([v0.1.0](https://github.com/mautrix/slack/releases/tag/v0.1.0)) and mautrix-signal ([v0.7.0](https://github.com/mautrix/signal/releases/tag/v0.7.0)) bridges.
-
-The newly rewritten bridges do not support double-puppeting via [Shared Secret Auth](./docs/configuring-playbook-shared-secret-auth.md) anymore, which has prompted us to switch to the new & better [appservice method](https://docs.mau.fi/bridges/general/double-puppeting.html#appservice-method-new) for double-puppeting. The playbook automates this double-puppeting setup for you if you enable the new [Appservice Double Puppet](./docs/configuring-playbook-appservice-double-puppet.md) service.
-
-All non-deprecated mautrix bridges in the playbook have been reworked to support double-puppeting via an Appservice. Most bridges still support double-puppeting via [Shared Secret Auth](./docs/configuring-playbook-shared-secret-auth.md), so the playbook supports it too. If only Shared Secret Auth is enabled, double-puppeting will be configured using that method (for the bridges that support it). That said, **Shared Secret Auth double-puppeting is being phased out and we recommend replacing it with the new Appservice method**.
-
-We recommend **enabling double-puppeting via the new Appservice method** by adding the following configuration to your `vars.yml` file:
-
-```yml
-matrix_appservice_double_puppet_enabled: true
-```
-
-You can still **keep** [Shared Secret Auth](./docs/configuring-playbook-shared-secret-auth.md) enabled. Non-mautrix bridges and other services (e.g. [matrix-corporal](./docs/configuring-playbook-matrix-corporal.md)) may still require it.
-
-When both double-puppeting methods are enabled, the playbook will automatically choose the new and better Appservice method for bridges that support it.
-
-
-# 2024-08-15
-
-## matrix-media-repo now configured for Authenticated Media
-
-Thanks to [Michael Hollister](https://github.com/Michael-Hollister) from [FUTO](https://www.futo.org/), our matrix-media-repo implementation now automatically [sets up signing keys](https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/) for Authenticated Media (as per [MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916)).
-
-If you had never heard of Authenticated Media before, the [Sunsetting unauthenticated media](https://matrix.org/blog/2024/06/26/sunsetting-unauthenticated-media/) article on [matrix.org](https://matrix.org/) is a good introduction.
-
-This feature is enabled for matrix-media-repo installations by default and will append an additional (matrix-media-repo-generated signing key) to your homeserver's (Synapse or Dendrite) signing key. See the [Signing keys](./docs/configuring-playbook-matrix-media-repo.md#signing-keys) and [Key backup and revoking](./docs/configuring-playbook-matrix-media-repo.md#key-backup-and-revoking) sections of the matrix-media-repo documentation for more details.
-
-If you'd like to avoid this new feature, you can disable it by setting `matrix_media_repo_generate_signing_key: false` in your `vars.yml` configuration file.
-
-
-# 2024-08-08
-
-## (Backward Compatibility Break) matrix-corporal has been upgraded to v3
-
-The playbook now installs [matrix-corporal](https://github.com/devture/matrix-corporal) v3.0.0, which brings support for **power-level management** (thanks to [this PR](https://github.com/devture/matrix-corporal/pull/32)).
-
-This upgrade necessitates configuration policy changes as described in [matrix-corporal's changelog entry](https://github.com/devture/matrix-corporal/blob/5287cb81c82cd3b951c2a099b4697c3e0b384559/CHANGELOG.md#version-300-2024-08-08).
-
-If you'd like to remain on the old (v2) version of matrix-corporal, you can do so by adding the following configuration to your `vars.yml` file:
-
-```yml
-matrix_corporal_version: 2.8.0
-```
-
-# 2024-07-25
-
-## synapse-usage-exporter support
-
-Thanks to [Michael Hollister](https://github.com/Michael-Hollister) from [FUTO](https://www.futo.org/), the creators of the [Circles app](https://circu.li/), the playbook can now set up [synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) - a small [Flask](https://flask.palletsprojects.com)-based webservice which can capture usage statistics from Synapse (via HTTP `PUT`) and then make them available for Prometheus to scrape.
-
-To learn more see our [Enabling synapse-usage-exporter for Synapse usage statistics](docs/configuring-playbook-synapse-usage-exporter.md) documentation page.
-
-
-# 2024-07-06
-
-## matrix-alertmanager-receiver support
-
-For those wishing to more easily integrate [Prometheus](https://prometheus.io/)' alerting service ([Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/)) with Matrix, the playbook can now set up [matrix-alertmanager-receiver](https://github.com/metio/matrix-alertmanager-receiver).
-
-See [Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver](./docs/configuring-playbook-alertmanager-receiver.md) for more details.
-
-
-## Traefik v3 and HTTP/3 are here now
-
-**TLDR**: Traefik was migrated from v2 to v3. Minor changes were done to the playbook. Mostly everything else worked out of the box. Most people will not have to do any tweaks to their configuration. In addition, [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) support is now auto-enabled for the `web-secure` (port 443) and `matrix-federation` (port `8448`) entrypoints. If you have a firewall in front of your server and you wish to benefit from `HTTP3`, you will need to open the `443` and `8448` UDP ports in it.
-
-### Traefik v3
-
-The reverse-proxy that the playbook uses by default (Traefik) has recently been upgraded to v3 (see [this blog post](https://traefik.io/blog/announcing-traefik-proxy-v3-rc/) to learn about its new features). Version 3 includes some small breaking configuration changes requiring a [migration](https://doc.traefik.io/traefik/migration/v2-to-v3/).
-
-We have **updated the playbook to Traefik v3** (make sure to run `just roles` / `make roles` to get it).
-
-There were **only minor playbook changes required** to adapt to Traefik v3, and only to the Ansible role for [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) where we changed a few [`PathPrefix` instances to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp), because these instances were using a regular expression instead of a fixed path. For fixed-path values, `PathPrefix` is still the preferred matcher function to use.
-
-**Most people using the playbook should not have to do any changes**.
-
-If you're using the playbook's Traefik instance to reverse-proxy to some other services of your own (not managed by the playbook), you may wish to review their Traefik labels and make sure they're in line with the [Traefik v2 to v3 migration guide](https://doc.traefik.io/traefik/migration/v2-to-v3/).
-
-If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
-
-If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand.
-
-
-### HTTP/3 is enabled by default
-
-In Traefik v3, [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) support is no longer considered experimental now.
-Due to this, **the playbook auto-enables HTTP3** for the `web-secure` (port 443) and `matrix-federation` (port `8448`) entrypoints.
-
-HTTP3 uses the UDP protocol and **the playbook (together with Docker) will make sure that the appropriate ports** (`443` over UDP & `8448` over UDP) **are exposed and whitelisted in your server's firewall**. However, **if you have another firewall in front of your server** (as is the case for many cloud providers), **you will need to manually open these UDP ports**.
-
-If you do not open the UDP ports correctly or there is some other issue, clients (browsers, mostly) will fall-back to [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) or even [HTTP/1.1](https://en.wikipedia.org/wiki/HTTP).
-
-Still, if HTTP/3 cannot function correctly in your setup, it's best to disable advertising support for it (and misleading clients into trying to use HTTP/3).
-
-To **disable HTTP/3**, you can use the following configuration:
-
-```yml
-devture_traefik_config_entrypoint_web_secure_http3_enabled: false
-
-# Disabling HTTP/3 for the web-secure entrypoint (above),
-# automatically disables it for the Matrix Federation entrypoint as well,
-# so you do not necessarily need the configuration line below.
-#
-# Feel free to only keep it around if you're keeping HTTP/3 enabled for web-secure (by removing the line above),
-# and would only like to disable HTTP/3 for the Matrix Federation entrypoint.
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: false
-```
-
-If you are using [your own webserver](./docs/configuring-playbook-own-webserver.md) (in front of Traefik), port binding on UDP port `8448` by default due to HTTP/3 is either unnecessary or [may get in the way](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3402). If it does, you can disable it:
-
-```yml
-# Disable HTTP/3 for the federation entrypoint.
-# If you'd like HTTP/3, consider configuring it for your other reverse-proxy.
-#
-# Disabling this also sets `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp` to an empty value.
-# If you'd like to keep HTTP/3 enabled here (for whatever reason), you may wish to explicitly
-# set `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp` to something like '127.0.0.1:8449'.
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: false
-```
-
-
-# 2024-07-01
-
-## synapse-admin is now restricted to your homeserver's URL by default
-
-A new feature introduced in synapse-admin [v0.10.0](https://github.com/Awesome-Technologies/synapse-admin/releases/tag/0.10.0) (released and supported by the playbook since a a few months ago) provides the ability to [restrict its usage to a specific homeserver](https://github.com/Awesome-Technologies/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) (or multiple homeservers).
-
-The playbook has just started making use of this feature. **From now on, your synapse-admin instance will be restricted to the homeserver you're managing via the playbook**. When configured like this, the *Homeserver URL* field in synapse-admin's web UI changes from a text field to a dropdown having a single value (the URL of your homeserver). This makes usage simpler for most people, as they won't need to manually enter a *Homeserver URL* anymore.
-
-If you'd like **to go back to the old unrestricted behavior**, use the following configuration:
-
-```yml
-# Use this configuration to allow synapse-admin to manage any homeserver instance.
-matrix_synapse_admin_config_restrictBaseUrl: []
-```
-
-
-# 2024-06-25
-
-## The URL-prefix for Hookshot generic webhooks has changed
-
-Until now, generic Hookshot webhook URLs looked like this: `https://matrix.DOMAIN/hookshot/webhooks/:hookId`.
-
-The `/hookshot/webhooks` common prefix gets stripped by Traefik automatically, so Hookshot only sees the part that comes after (`/:hookId`).
-
-[A few years ago](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1681), Hookshot started to prefer to handle webhooks at a `/webhook/:hookId` path (instead of directly at `/:hookId`).
-
-To avoid future problems, we've [reconfigured](https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/4704a60718946fd469aeee7fc3ae8127c633bb6b) our Hookshot configuration to use webhook URLs that include `/webhook` in the URL suffix (e.g. `/hookshot/webhooks/webhook/:hookId`, instead of `/hookshot/webhooks/:hookId`). This means that when we strip the common prefi (`/hookshot/webhooks`), we'll end up sending `/webhook/:hookId` to Hookshot, just like recommended.
-
-When generating new webhooks, you should start seeing the new URLs being used.
-
-**For now**, **both** old URLs (`/hookshot/webhooks/:hookId`) and new URLs (`/hookshot/webhooks/webhook/:hookId`) **continue to work***, so your webhooks will not break just yet.
-
-However, **we recommend that you update all your old webhook URLs** (configured in other systems) to include the new `/webhook` path component, so that future Hookshot changes (whenever they come) will not break your webhooks. You don't need to do anything on the Hookshot side - you merely need to reconfigure the remote systems that use your webhook URLs.
-
-
-
-# 2024-06-22
-
-## The maubot user is now managed by the playbook
-
-To make things easier and to be consistent with other roles, the [maubot](./docs/configuring-playbook-bot-maubot.md) user (`bot.maubot` by default) is [now](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3376) automatically created be the playbook.
-
-If you have an existing maubot installation, you will need to specify `matrix_bot_maubot_initial_password` in your `vars.yml` file to make the playbook not complain about it being undefined.
-Since the bot is already registered in your installation, there's nothing for the playbook to do anyway. In case you don't remember the password you've registered your maubot user account with, you can specify any value for this variable.
-
-If you've registered another username for the bot (other than the recommended default of `bot.maubot`), consider adjusting the `matrix_bot_maubot_login` variable (e.g. `matrix_bot_maubot_login: my.maubot.username`).
-
-
-# 2024-06-03
-
-## WeChat bridging support
-
-Thanks to [Tobias Diez](https://github.com/tobiasdiez)'s [efforts](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3241), the playbook now supports bridging to [WeChat](https://www.wechat.com/) via the [matrix-wechat](https://github.com/duo/matrix-wechat) bridge.
-
-See our [Setting up WeChat bridging](docs/configuring-playbook-bridge-wechat.md) documentation page for getting started.
-
-
 # 2024-03-26
 
 ## (Backward Compatibility Break) The playbook now defaults to KeyDB, instead of Redis

README.md

@@ -13,11 +13,13 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co
 [Installation](docs/README.md) (upgrades) and some maintenance tasks are automated using [Ansible](https://www.ansible.com/) (see [our Ansible guide](docs/ansible.md)).
 
 
-## Self-hosting or Managed / SaaS
+## Self-hosting or SaaS
 
 This Ansible playbook tries to make self-hosting and maintaining a Matrix server fairly easy. Still, running any service smoothly requires knowledge, time and effort.
 
-If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc?utm_source=github&utm_medium=readme&utm_campaign=mdad) (both hosting and on-premises) - a service built on top of this Ansible playbook but with [additional components](https://etke.cc/help/extras/?utm_source=github&utm_medium=readme&utm_campaign=mdad) and [services](https://etke.cc/services/?utm_source=github&utm_medium=readme&utm_campaign=mdad) which all help you run a Matrix server with ease. Be advised that etke.cc operates on a subscription-based approach and there is no "just set up my server once and be done with it" option.
+If you like the [FOSS](https://en.wikipedia.org/wiki/Free_and_open-source_software) spirit of this Ansible playbook, but prefer to put the responsibility on someone else, you can also [get a managed Matrix server from etke.cc](https://etke.cc?utm_source=github&utm_medium=readme&utm_campaign=mdad) - a service built on top of this Ansible playbook, which can help you run a Matrix server with ease.
+
+If you like learning and experimentation, but would rather reduce future maintenance effort, you can even go for a hybrid approach - self-hosting manually using this Ansible playbook at first and then transferring server maintenance to etke.cc at a later time.
 
 
 ## Supported services
@@ -155,7 +157,6 @@ Services that help you in administrating and monitoring your matrix installation
 | Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) |
 | [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) |
 | [Rageshake](https://github.com/matrix-org/rageshake) | x | Bug report server | [Link](docs/configuring-playbook-rageshake.md) |
-| [synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) | x | Export the usage statistics of a Synapse homeserver to be scraped by Prometheus. | [Link](docs/configuring-playbook-synapse-usage-exporter.md) |
 
 ### Misc
 

docs/ansible.md

@@ -65,7 +65,7 @@ docker run -it --rm \
 -w /work \
 -v `pwd`:/work \
 --entrypoint=/bin/sh \
-docker.io/devture/ansible:2.17.0-r0-1
+docker.io/devture/ansible:2.16.1-r0-0
 ```
 
 Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
@@ -86,7 +86,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
-docker.io/devture/ansible:2.17.0-r0-1
+docker.io/devture/ansible:2.16.1-r0-0
 ```
 
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

docs/configuring-playbook-alertmanager-receiver.md

@@ -1,93 +0,0 @@
-# Setting up matrix-alertmanager-receiver (optional)
-
-The playbook can install and configure the [matrix-alertmanager-receiver](https://github.com/metio/matrix-alertmanager-receiver) service for you. It's a [client](https://prometheus.io/docs/alerting/latest/clients/) for Prometheus' [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/), allowing you to deliver alerts to Matrix rooms.
-
-See the project's [documentation](https://github.com/metio/matrix-alertmanager-receiver) to learn more about what this component does and why it might be useful to you.
-
-At the moment, **setting up this service's bot requires some manual actions** as described below in [Account and room preparation](#account-and-room-preparation).
-
-This service is meant to be used with an external [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) instance. It's **not** meant to be integrated with the [Prometheus & Grafana stack](./configuring-playbook-prometheus-grafana.md) installed by this playbook, because the Alertmanager component is not installed by it.
-
-
-## Configuration
-
-```yml
-matrix_alertmanager_receiver_enabled: true
-
-# This exposes matrix-alertmanager-receiver on the `matrix.` domain.
-# Adjust, if necessary.
-matrix_alertmanager_receiver_hostname: "{{ matrix_server_fqn_matrix }}"
-
-# This exposes matrix-alertmanager-receiver under a path prefix containing a random (secret) value.
-# Adjust the `RANDOM_VALUE_HERE` part with a long and secure value.
-matrix_alertmanager_receiver_path_prefix: /matrix-alertmanager-receiver-RANDOM_VALUE_HERE
-
-# If you'd like to change the username for this bot, uncomment and adjust. Otherwise, remove.
-# matrix_alertmanager_receiver_config_matrix_user_id_localpart: "bot.alertmanager.receiver"
-
-# Specify the bot user's access token here.
-# See the "Account and room preparation" section below.
-matrix_alertmanager_receiver_config_matrix_access_token: ''
-
-# Optionally, configure some mappings (URL-friendly room name -> actual Matrix room ID).
-#
-# If you don't configure mappings, you can still deliver alerts using URLs like this:
-# https://matrix.DOMAIN/matrix-alertmanager-receiver-RANDOM_VALUE_HERE/alert/!some-room-id:example.com
-#
-# If a mapping like the one below is configured, you can deliver alerts using friendlier URLs like this:
-# https://matrix.DOMAIN/matrix-alertmanager-receiver-RANDOM_VALUE_HERE/alert/some-room-name
-matrix_alertmanager_receiver_config_matrix_room_mapping:
-  some-room-name: "!some-room-id:{{ matrix_domain }}"
-```
-
-See `roles/custom/matrix-alertmanager-receiver/defaults/main.yml` for additional configuration variables.
-
-
-## Account and room preparation
-
-The playbook can automatically create users, but it cannot automatically obtain access tokens, nor perform any of the other manual actions below.
-
-`matrix-alertmanager-receiver` uses a bot (with a username specified in `matrix_alertmanager_receiver_config_matrix_user_id_localpart` - see above) for delivering messages. You need to **manually register this bot acccount and obtain an access token for it**.
-
-1. [Register a new user](registering-users.md): `ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.alertmanager.receiver password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user`
-2. [Obtain an access token](obtaining-access-tokens.md) for the bot's user account
-3. Invite the bot to a room where you'd like to alerts to be delivered
-4. Log in as the bot using any Matrix client of your choosing, accept the room invitation from the bot's account and log out
-5. (Optionally) Adjust `matrix_alertmanager_receiver_config_matrix_room_mapping` to create a mapping between the new room and its id
-
-Steps 1 and 2 above only need to be done once, while preparing your [configuration](#configuration).
-
-Steps 3 and 4 need to be done for each new room you'd like the bot to deliver alerts to. Step 5 is optional and provides cleaner `/alert/` URLs.
-
-
-## Installation
-
-Now that you've [prepared the bot account and room](#account-and-room-preparation) and have [configured the playbook](#configuration), you can re-run the [installation](./installing.md) process (`just install-all`).
-
-Then, you can proceed to [Usage](#usage).
-
-
-## Usage
-
-Configure your Prometheus Alertmanager with configuration like this:
-
-```yml
-receivers:
-  - name: matrix
-    webhook_configs:
-      - send_resolved: true
-        url: URL_HERE
-route:
-  group_by:
-    - namespace
-  group_interval: 5m
-  group_wait: 30s
-  receiver: "matrix"
-  repeat_interval: 12h
-  routes:
-    - receiver: matrix
-```
-
-.. where `URL_HERE` looks like `https://matrix.DOMAIN/matrix-alertmanager-receiver-RANDOM_VALUE_HERE/alert/some-room-name` or `https://matrix.DOMAIN/matrix-alertmanager-receiver-RANDOM_VALUE_HERE/alert/!some-room-id:DOMAIN`.
-
-This bot does **not** accept room invitations automatically (like many other bots do). To deliver messages to rooms, **the bot must be joined to all rooms manually** - see Step 5 of the [Account and room preparation](#account-and-room-preparation) section.

docs/configuring-playbook-appservice-double-puppet.md

@@ -1,15 +0,0 @@
-# Setting up Appservice Double Puppet (optional)
-
-Appservice Double Puppet is a homeserver appservice through which bridges (and potentially other services) can impersonate any user on the homeserver.
-
-This is useful for performing [double-puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) via the [appservice method](https://docs.mau.fi/bridges/general/double-puppeting.html#appservice-method-new). The Appservice Double Puppet service is an implementation of this approach.
-
-Previously, bridges supported performing [double-puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) with the help of the [Shared Secret Auth password provider module](./configuring-playbook-shared-secret-auth.md), but this old and hacky solution has been superseded by this Appservice Double Puppet method.
-
-To enable the Appservice Double Puppet service, adjust your `vars.yml` configuration like this and [re-run the playbook](./installing.md) (`just install-all`):
-
-```yml
-matrix_appservice_double_puppet_enabled: true
-```
-
-When enabled, double puppeting will automatically be enabled for all bridges that support double puppeting via the appservice method.

docs/configuring-playbook-bot-draupnir.md

@@ -146,10 +146,7 @@ matrix_bot_draupnir_configuration_extension_yaml: |
 Draupnir supports two methods to receive reports in the management room.
 
 The first method intercepts the report API endpoint of the client-server API, which requires integration with the reverse proxy in front of the homeserver.
-If you are using traefik, this playbook can set this up for you:
+While this playbook uses reverse proxies, it does not yet implement this.
-```yaml
-matrix_bot_draupnir_abuse_reporting_enabled: true
-```
 
 The other method polls an synapse admin API endpoint and is hence only available when using synapse and when the Draupnir user is an admin user (see step 1).
 To enable it, set `pollReports: true` in Draupnir's config:

docs/configuring-playbook-bot-maubot.md

@@ -14,42 +14,45 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
 
 ```yaml
 matrix_bot_maubot_enabled: true
-
-# Uncomment and adjust this part if you'd like to use a username different than the default
-# matrix_bot_maubot_login: bot.maubot
-
-# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
-matrix_bot_maubot_initial_password: PASSWORD_FOR_THE_BOT
-
 matrix_bot_maubot_admins:
   - yourusername: securepassword
 ```
 
-You can add multiple admins. The admin accounts are only used to access the maubot administration interface.
+You can add multiple admins. The admin accounts are not connected to any matrix ID and are only used to access the
+maubot administration interface.
 
 
 ## Installing
 
-After configuring the playbook, run the [installation](installing.md) command again (`just install-all`):
+After configuring the playbook, run the [installation](installing.md) command again:
 
-**Notes**:
+```
-
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
-- if you change the bot password (`matrix_bot_maubot_initial_password` in your `vars.yml` file) subsequently,
+```
-  the bot user's credentials on the homeserver won't be updated automatically.
-  If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it.
 
 ## Usage
 
 You can visit `matrix.<your-domain>/_matrix/maubot/` to manage your available plugins, clients and instances.
 
 You should start in the following order
-1. **Create one or more clients:** A client is a matrix account which the bot will use to message. By default, the playbook creates a `bot.maubot` account (as per the configuration above). You only need to [obtain an access token](#obtaining-an-access-token) for it
+1. **Create one or more clients:** A client is a matrix account which the bot will use to message.
 2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source.
 3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use 
 and the plugin (how the bot will behave)
 
-## Obtaining an access token
+To add a client you first need to create an account and obtain a valid access token.
 
-This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands, you'll first need to `exec` into the maubot container with `docker exec -it matrix-bot-maubot sh`.
+## Registering the bot user
 
-Alternatively, you can follow our generic [obtain an access token](obtaining-access-tokens.md) documentation.
+You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
+
+```
+ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
+```
+
+Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
+
+## Obtaining an admin access token
+
+This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh`
+Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md).

docs/configuring-playbook-bridge-beeper-linkedin.md

@@ -30,13 +30,11 @@ matrix_beeper_linkedin_configuration_extension_yaml: |
 You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure.
 
 
-## Set up Double Puppeting by enabling Appservice Double Puppet or Shared Secret Auth
+## Set up Double Puppeting
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have to enable Shared Secred Auth.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 
 ## Usage

docs/configuring-playbook-bridge-heisenbridge.md

@@ -22,8 +22,6 @@ matrix_heisenbridge_owner: "@you:your-homeserver"
 matrix_heisenbridge_identd_enabled: true
 ```
 
-By default, Heisenbrdige would be exposed on the Matrix domain (`matrix.DOMAIN`, as specified in `matrix_server_fqn_matrix`) under the `/heisenbridge` path prefix. It would handle media requests there (see the [release notes for Heisenbridge v1.15.0](https://github.com/hifi/heisenbridge/releases/tag/v1.15.0)).
-
 That's it! A registration file is automatically generated during the setup phase.
 
 Setting the owner is optional as the first local user to DM `@heisenbridge:your-homeserver` will be made the owner.

docs/configuring-playbook-bridge-hookshot.md

@@ -50,8 +50,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
 
 | listener | default path | variable | used as |
 |---|---|---|---|
-| - | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | Webhook-prefix, which affects all webhook-related URLs below |
+| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", GitLab "URL", etc. |
-| generic | `/hookshot/webhooks/webhook` | `matrix_hookshot_generic_endpoint` | Generic webhooks |
 | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" |
 | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth |
 | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma |

docs/configuring-playbook-bridge-mautrix-discord.md

@@ -44,13 +44,11 @@ Take a look at:
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-#### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+#### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 #### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-mautrix-gmessages.md

@@ -14,13 +14,11 @@ matrix_mautrix_gmessages_enabled: true
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 ### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-mautrix-googlechat.md

@@ -16,13 +16,11 @@ matrix_mautrix_googlechat_enabled: true
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 
 ### Method 2: manually, by asking each user to provide a working access token

docs/configuring-playbook-bridge-mautrix-meta-instagram.md

@@ -66,13 +66,11 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-instagram/templ
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 ### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-mautrix-meta-messenger.md

@@ -77,13 +77,11 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-messenger/templ
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 ### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-mautrix-signal.md

@@ -56,9 +56,9 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-signal/templates/con
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
 This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
 

docs/configuring-playbook-bridge-mautrix-slack.md

@@ -47,9 +47,9 @@ Take a look at:
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-#### Method 1: automatically, by enabling Appservice Double Puppet
+#### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
 This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
 

docs/configuring-playbook-bridge-mautrix-telegram.md

@@ -16,13 +16,11 @@ matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 ### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-mautrix-twitter.md

@@ -15,13 +15,11 @@ matrix_mautrix_twitter_enabled: true
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 ### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-mautrix-whatsapp.md

@@ -8,7 +8,7 @@ Use the following playbook configuration:
 
 ```yaml
 matrix_mautrix_whatsapp_enabled: true
-```
+``` 
 Whatsapp multidevice beta is required, now it is enough if Whatsapp is connected to the Internet every 2 weeks.
 
 The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file:
@@ -28,13 +28,11 @@ Use `!wa unset-relay` to deactivate.
 
 If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
 
-### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
+### Method 1: automatically, by enabling Shared Secret Auth
 
-The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
 
-Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
-
-Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
 
 ### Method 2: manually, by asking each user to provide a working access token
 

docs/configuring-playbook-bridge-wechat.md

@@ -1,17 +0,0 @@
-# Setting up the WeChat Bridge (optional)
-
-The playbook can install and configure the [matrix-wechat](https://github.com/duo/matrix-wechat) bridge for you (for bridging to the [WeChat](https://www.wechat.com/) network).
-
-See the project page to learn what it does and why it might be useful to you.
-
-To enable the bridge, use the following playbook configuration and re-run the playbook's [installation](./installing.md) procedure:
-
-```yaml
-matrix_wechat_enabled: true
-```
-
-## Usage
-
-Once the bridge is installed, start a chat with `@wechatbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
-
-Send `help` to the bot to see the available commands.

docs/configuring-playbook-matrix-media-repo.md

@@ -23,9 +23,9 @@ matrix_media_repo_enabled: true
 # matrix_media_repo_metrics_enabled: true
 ```
 
-The repo is pre-configured for integrating with the Postgres database, Traefik proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
+The repo is pre-configured for integrating with the Postgres database, NGINX proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
 
-By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
+By default, the media-repo will use the local filesystem for data storage. Additional options include `s3` and `IPFS` (experimental). Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
 
 ## Configuring the media-repo
 
@@ -89,26 +89,6 @@ matrix_media_repo_datastore_s3_opts_bucket_name: "your-media-bucket"
 
 Full list of configuration options with documentation can be found in [`roles/custom/matrix-media-repo/defaults/main.yml`](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-media-repo/defaults/main.yml)
 
-## Signing Keys
-
-Authenticated media endpoints ([MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916)) requires MMR to have a configured signing key to authorize outbound federation requests. Additionally, the signing key must be merged with your homeserver's signing key file.
-
-The playbook default is to generate a MMR signing key when invoking the setup role and merge it with your homeserver if you are using Synapse or Dendrite. This can be disabled if desired by setting the option in your inventory:
-
-```yaml
-matrix_media_repo_generate_signing_key: false
-```
-
-If you wish to manually generate the signing key and merge it with your homeserver's signing key file, see https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/ for more details.
-
-**Note that if you uninstall MMR from the playbook, it will not remove the old MMR signing key from your homeserver's signing key file. You will have to remove it manually.**
-
-### Key backup and revoking
-
-Since your homeserver signing key file is modified by the playbook, a backup will be created in `HOMESERVER_DIR/config/DOMAIN.signing.key.backup`. If you need to remove/revoke old keys, you can restore from this backup or remove the MMR key id from your `DOMAIN.signing.key` file.
-
-Additionally, its recommended after revoking a signing key to update your homeserver config file (`old_signing_keys` field for Synapse and `old_private_keys` for Dendrite). See your homeserver config file for further documentation on how to populate the field.
-
 ## Importing data from an existing media store
 
 If you want to add this repo to an existing homeserver managed by the playbook, you will need to import existing media into MMR's database or you will lose access to older media while it is active. MMR versions up to `v1.3.3` only support importing from Synapse, but newer versions (at time of writing: only `latest`) also support importing from Dendrite.

docs/configuring-playbook-mautrix-bridges.md

@@ -96,14 +96,19 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-SERVICENAME/template
 
 ## Set up Double Puppeting
 
-To set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
+To set up  [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html)
+
+please do so automatically, by enabling Shared Secret Auth
 
 The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook by adding
 
 ```yaml
-matrix_appservice_double_puppet_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
+matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
 ```
 
+You should generate a strong shared secret with a command like this: pwgen -s 64 1
+
 This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
 
 ## Controlling the logging level
@@ -112,7 +117,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
 matrix_mautrix_SERVICENAME_logging_level: WARN
 ```
 
-to `vars.yml` to control the logging level, where you may replace WARN with one of the following to control the verbosity of the logs generated: TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.
+to `vars.yml` to control the logging level, where you may replace WARN with one of the following to control the verbosity of the logs generated:     TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.
 
 If you have issues with a service, and are requesting support, the higher levels of logging will generally be more helpful.
 

docs/configuring-playbook-own-webserver.md

@@ -171,14 +171,6 @@ devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
 # - adjusting `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom` (below) - removing `insecure: true` and enabling/configuring `trustedIPs`
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.0.1:8449'
 
-# Disable HTTP/3 for the federation entrypoint.
-# If you'd like HTTP/3, consider configuring it for your other reverse-proxy.
-#
-# Disabling this also sets `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp` to an empty value.
-# If you'd like to keep HTTP/3 enabled here (for whatever reason), you may wish to explicitly
-# set `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp` to something like '127.0.0.1:8449'.
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: false
-
 # Depending on the value of `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port` above,
 # this may need to be reconfigured. See the comments above.
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:

docs/configuring-playbook-prometheus-grafana.md

@@ -79,8 +79,6 @@ Name | Description
 `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
 `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network)
-`matrix_sliding_sync_metrics_enabled`|Set this to `true` to make [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) expose metrics (locally, on the container network)
-`matrix_sliding_sync_metrics_proxying_enabled`|Set this to `true` to expose the [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) metrics on `https://matrix.DOMAIN/metrics/sliding-sync`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
 `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role.
@@ -121,8 +119,7 @@ scrape_configs:
 
 ## More information
 
-- [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)
+- [Understanding Synapse Performance Issues Through Grafana Graphs](https://github.com/element-hq/synapse/wiki/Understanding-Synapse-Performance-Issues-Through-Grafana-Graphs) at the Synapse Github Wiki
-- [Understanding Synapse Performance Issues Through Grafana Graphs](https://element-hq.github.io/synapse/latest/usage/administration/understanding_synapse_through_grafana_graphs.html) at the Synapse Github Wiki
 - [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
 - [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)
 - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)

docs/configuring-playbook-sliding-sync-proxy.md

@@ -23,7 +23,7 @@ If you'd like to run the Sliding Sync proxy on another hostname or path, use the
 
 ## Adjusting DNS records
 
-If you've changed the default hostname, **you may need to adjust your DNS** records.
+If you've changed the default hostame, **you may need to adjust your DNS** records.
 
 
 ## Adjusting the playbook configuration

docs/configuring-playbook-ssl-certificates.md

@@ -98,29 +98,3 @@ aux_file_definitions:
               certFile: /ssl/cert.pem
               keyFile: /ssl/privkey.pem
 ```
-
-## Using a DNS-01 ACME challenge type, instead of HTTP-01
-
-You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) for Let's Encrypt. This is less commonly used than the default [HTTP-01 challenge type](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), but it can be helpful to:
-
-- hide your public IP from Let's Encrypt logs
-- allow you to obtain SSL certificates for servers which are not accessible (via HTTP) from the public internet (and for which the HTTP-01 challenge would fail)
-
-This is an example for how to edit the `vars.yml` file if you're using Cloudflare:
-
-```yaml
-devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
-devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
-devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
-devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
-  - "1.1.1.1:53"
-devture_traefik_environment_variables_additional_variables: |
-  CF_API_EMAIL=redacted
-  CF_ZONE_API_TOKEN=redacted
-  CF_DNS_API_TOKEN=redacted
-  LEGO_DISABLE_CNAME_SUPPORT=true
-```
-
-Make sure to change the value of "provider" to your particular DNS solution, and provide the appropriate environment variables. The full list of supported providers is available [here](https://doc.traefik.io/traefik/https/acme/#providers).
-
-This example assumes you're using Cloudflare to manage your DNS zone. Note that it requires the use of two tokens: one for reading all zones (`CF_ZONE_API_TOKEN`) and another that must be able to edit the particular domain you're using (`CF_DNS_API_TOKEN`). For security, it's recommended that you create two fine-grained tokens for this purpose, but you might choose to use the same token for both.

docs/configuring-playbook-synapse-admin.md

@@ -20,12 +20,14 @@ matrix_synapse_admin_enabled: true
 - for [Synapse](./configuring-playbook-synapse.md) (our default homeserver implementation): `matrix_synapse_container_labels_public_client_synapse_admin_api_enabled: true`
 - for [Dendrite](./configuring-playbook-dendrite.md): `matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: true`
 
-By default, synapse-admin installation will be [restricted to only work with one homeserver](https://github.com/Awesome-Technologies/synapse-admin/blob/e21e44362c879ac41f47c580b04210842b6ff3d7/README.md#restricting-available-homeserver) - the one managed by the playbook. To adjust these restrictions, tweak the `matrix_synapse_admin_config_restrictBaseUrl` variable.
-
 
 ## Installing
 
-After configuring the playbook, run the [installation](installing.md) command again (`just install-all`).
+After configuring the playbook, run the [installation](installing.md) command again:
+
+```
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
 
 
 ## Usage
@@ -33,3 +35,5 @@ After configuring the playbook, run the [installation](installing.md) command ag
 After installation, Synapse Admin will be accessible at: `https://matrix.DOMAIN/synapse-admin/`
 
 To use Synapse Admin, you need to have [registered at least one administrator account](registering-users.md) on your server.
+
+The Homeserver URL to use on Synapse Admin's login page is: `https://matrix.DOMAIN`

docs/configuring-playbook-synapse-auto-accept-invite.md

@@ -5,12 +5,7 @@ The playbook can install and configure [synapse-auto-invite-accept](https://gith
 See that project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite) to learn what it does and why it might be useful to you.
 In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
 
-**NOTE**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module.
+If you decide that you'd like to let this playbook install it for you, you need a configuration like this:
-
-
-## Configuration
-
-If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, you need a configuration like this:
 
 ```yaml
 matrix_synapse_ext_synapse_auto_accept_invite_enabled: true
@@ -18,30 +13,12 @@ matrix_synapse_ext_synapse_auto_accept_invite_enabled: true
 matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: true
 ```
 
-### Synapse worker deployments
+## Synapse worker deployments
 
-In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:
+In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is 'null'). For example add this to your configuration:
 
 ```yaml
 matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: 'matrix-synapse-worker-generic-0'
 ```
 
-There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18).
+There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18).
-
-
-## Native alternative
-
-Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse.
-
-Here's example configuration for using the **native** Synapse feature:
-
-```yml
-matrix_synapse_auto_accept_invites_enabled: true
-
-# Default settings below. Uncomment and adjust if necessary.
-# matrix_synapse_auto_accept_invites_only_for_direct_messages: false
-# matrix_synapse_auto_accept_invites_only_from_local_users: false
-
-# If workers are enabled, you may delegate usage to a specific worker.
-# matrix_synapse_auto_accept_invites_worker_to_run_on: 'matrix-synapse-worker-generic-0'
-```

docs/configuring-playbook-synapse-usage-exporter.md

@@ -1,26 +0,0 @@
-# Setting up synapse-usage-exporter (optional)
-
-[synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) allows you to export the usage statistics of a Synapse homeserver to this container service and for the collected metrics to later be scraped by Prometheus.
-
-Synapse does not include usage statistics in its Prometheus metrics. They can be reported to an HTTP `PUT` endpoint 5 minutes after startup and from then on at a fixed interval of once every three hours. This role integrates a simple [Flask](https://flask.palletsprojects.com) project that offers an HTTP `PUT` endpoint and holds the most recent received record available to be scraped by Prometheus.
-
-Enabling this service will automatically:
-
-- install the synapse-usage-exporter service
-- re-configure Synapse to push (via HTTP `PUT`) usage statistics information to synapse-usage-exporter
-- re-configure [Prometheus](./configuring-playbook-prometheus-grafana.md) (if Prometheus is enabled), to periodically scrape metrics from synapse-usage-exporter
-- add a new [Grafana](./configuring-playbook-prometheus-grafana.md) dashboard (if Grafana is enabled) containing Synapse usage statistics
-
-## Quickstart
-
-Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file and [re-run the installation process](./installing.md) for the playbook:
-
-```yaml
-matrix_synapse_usage_exporter_enabled: true
-
-# (Optional) Expose endpoint if you want to collect statistics from outside (from other homeservers).
-# If enabled, synapse-usage-exporter will be exposed publicly at `matrix.DOMAIN/report-usage-stats/push`.
-# When collecting usage statistics for Synapse running on the same host, you don't need to enable this.
-# You can adjust the hostname and path via `matrix_synapse_usage_exporter_hostname` and `matrix_synapse_usage_exporter_path_prefix`.
-# matrix_synapse_usage_exporter_proxying_enabled: true
-```

docs/configuring-playbook-synapse.md

@@ -161,6 +161,4 @@ Due to this, it's recommended to only store and maintain template files in your
 
 This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse.
 
-To enable Synapse runtime metrics see: [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md)
+To enable Synapse metrics see [`configuring-playbook-prometheus-grafana.md`](./configuring-playbook-prometheus-grafana.md)
-
-To enable Synapse usage metrics, see: [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)

docs/configuring-playbook.md

@@ -42,8 +42,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional)
 
-- [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md) (optional)
-
 ### Core service adjustments
 
 - Homeserver configuration:
@@ -89,8 +87,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 ### Authentication and user-related
 
-- [Setting up Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) (optional)
-
 - [Setting up an ma1sd Identity Server](configuring-playbook-ma1sd.md) (optional)
 
 - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional)
@@ -182,8 +178,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md) (optional)
 
-- [Setting up WeChat bridging](configuring-playbook-bridge-wechat.md) (optional)
-
 
 ### Bots
 
@@ -228,5 +222,3 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 - [Setting up a Cactus Comments server](configuring-playbook-cactus-comments.md) - a federated comment system built on Matrix (optional)
 
 - [Setting up the Rageshake bug report server](configuring-playbook-rageshake.md) (optional)
-
-- [Setting up Prometheus Alertmanager integration via matrix-alertmanager-receiver](configuring-playbook-alertmanager-receiver.md) (optional)

docs/faq.md

@@ -342,7 +342,7 @@ As described in [How is the effective configuration determined?](#how-is-the-eff
 
 Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.DOMAIN/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).
 
-**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`) or `just update` (which automatically does `git pull` and `just roles`).
+**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`).
 
 ### I'd like to adjust some configuration which doesn't have a corresponding variable. How do I do it?
 
@@ -356,7 +356,7 @@ Besides that, each role (component) aims to provide a `matrix_SOME_COMPONENT_con
 
 Check each role's `roles/*/*/defaults/main.yml` for the corresponding variable and an example for how use it.
 
-**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`) or `just update` (which automatically does `git pull` and `just roles`).
+**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`).
 
 
 ## Installation

docs/installing.md

@@ -2,9 +2,7 @@
 
 If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.
 
-**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `just roles`. `just roles` is a shortcut (a `roles` target defined in [`justfile`](../justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [agru](https://gitlab.com/etke.cc/tools/agru) or [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) (depending on what is available in your system) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`.
+**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `just roles`. `just roles` is a shortcut (a `roles` target defined in [`justfile`](../justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`.
-
-There's another shortcut (`just update`) which updates the playbook (`git pull`) and updates roles (`just update`) at the same time.
 
 
 ## Playbook tags introduction

docs/maintenance-migrating.md

@@ -1,6 +1,6 @@
-> **Note**: This migration guide is applicable if you migrate from one server to another server having the same CPU architecture (e.g. both servers being `amd64`).
+> **Note**: This migration guide is applicable if you migrate from one server to another server having the same CPU architecture (e.g. both servers being `amd64`). 
->
+> 
-> If you're trying to migrate between different architectures (e.g. `amd64` --> `arm64`), simply copying the complete `/matrix` directory is not possible as it would move the raw PostgreSQL data (`/matrix/postgres/data`) between different architectures. In this specific case, you can use the guide below as a reference, but you would also need to avoid syncing `/matrix/postgres/data` to the new host, and also dump the database on your current server and import it properly on the new server. See our [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql) docs for help with PostgreSQL backup/restore.
+> If you're trying to migrate between different architectures (e.g. `amd64` --> `arm64`), simply copying the complete `/matrix` directory is not possible as it would move the raw PostgreSQL data between different architectures. In this specific case, you can use the guide below as a reference, but you would also need to dump the database on your current server and import it properly on the new server. See our [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql) docs for help with PostgreSQL backup/restore.
 
 # Migrating to new server
 

docs/maintenance-postgres.md

@@ -111,7 +111,7 @@ You can manually influence some of the tuning variables . These parameters (vari
 
 Most users should be fine with the automatically-done tuning. However, you may wish to:
 
-- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable
+- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable
 
 - **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []`
 

docs/maintenance-upgrading-services.md

@@ -6,13 +6,12 @@ If you want to be notified when new versions of Synapse are released, you should
 
 To upgrade services:
 
-- update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
+- update your playbook directory (`git pull`), so you'd obtain everything new we've done
-
-  - either: `just update`
-  - or: a combination of `git pull` and `just role` (or `make roles`)
 
 - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
 
-- re-run the [playbook setup](installing.md) and restart all services: `just install-all` or `just setup-all`
+- download the upstream Ansible roles used by the playbook by running `just roles`
+
+- re-run the [playbook setup](installing.md) and restart all services: `just setup-all`
 
 **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).

docs/prerequisites.md

@@ -26,7 +26,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
 
 - [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
 
-- [`just`](https://github.com/casey/just) for running `just roles`, `just update`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually
+- [`just`](https://github.com/casey/just) for running `just roles`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually
 
 - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
 
@@ -35,12 +35,12 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
 - Some TCP/UDP ports open. This playbook (actually [Docker itself](https://docs.docker.com/network/iptables/)) configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports:
 
   - `80/tcp`: HTTP webserver
-  - `443/tcp` and `443/udp`: HTTPS webserver
+  - `443/tcp`: HTTPS webserver
   - `3478/tcp`: TURN over TCP (used by Coturn)
   - `3478/udp`: TURN over UDP (used by Coturn)
   - `5349/tcp`: TURN over TCP (used by Coturn)
   - `5349/udp`: TURN over UDP (used by Coturn)
-  - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. In some cases, this **may necessary even with federation disabled**. Integration Servers (like Dimension) and Identity Servers (like ma1sd) may need to access `openid` APIs on the federation port.
+  - `8448/tcp`: Matrix Federation API HTTPS webserver. In some cases, this **may necessary even with federation disabled**. Integration Servers (like Dimension) and Identity Servers (like ma1sd) may need to access `openid` APIs on the federation port.
   - the range `49152-49172/udp`: TURN over UDP
   - potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.
 

examples/reverse-proxies/nginx/matrix.conf

@@ -1,14 +1,6 @@
 server {
-    # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`
+    listen 443 ssl http2;
-    #listen 443 quic reuseport;
+    listen [::]:443 ssl http2;
-    listen 443 quic;
-    listen 443 ssl;
-	# TODO: if you replaced the line above for port 443 and IPv4, you probably want to do the same for port 443 IPv6 by switching the two lines below
-	#listen [::]:443 quic reuseport;
-    listen [::]:443 quic;
-    listen [::]:443 ssl;
-    http2 on;
-    http3 on;
 
     # TODO: add/remove services and their subdomains if you use/don't use them
     # this example is using hosting something on the base domain and an element web client, so example.com and element.example.com are listed in addition to matrix.example.com
@@ -32,9 +24,6 @@ server {
         # Nginx by default only allows file uploads up to 1M in size
         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
         client_max_body_size 50M;
-
-        # required for browsers to direct them to quic port
-        add_header Alt-Svc 'h3=":443"; ma=86400';
     }
 
     # TODO: adapt the path to your ssl certificate for the domains listed on server_name
@@ -48,16 +37,8 @@ server {
 # settings for matrix federation
 server {
     # For the federation port
-    # TODO: once per IP and port you should add `reuseport`, if you don't have that in any other nginx config file, add it here by uncommenting the lines below and commenting the one after with `quic` but without `reuseport`
+    listen 8448 ssl http2 default_server;
-    #listen 8448 quic reuseport;
+    listen [::]:8448 ssl http2 default_server;
-    listen 8448 quic;
-    listen 8448 ssl default_server;
-    # TODO: if you replaced the line above for port 8448 and IPv4, you probably want to do the same for port 8448 IPv6 by switching the two lines below
-    #listen [::]:8448 quic reuseport;
-    listen [::]:8448 quic;
-    listen [::]:8448 ssl default_server;
-    http2 on;
-    http3 on;
 
     server_name matrix.example.com;
 
@@ -73,9 +54,6 @@ server {
         # Nginx by default only allows file uploads up to 1M in size
         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
         client_max_body_size 50M;
-
-		# required for browsers to direct them to quic port
-        add_header Alt-Svc 'h3=":8448"; ma=86400';
     }
     # TODO: adapt the path to your ssl certificate for the domains listed on server_name
     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
@@ -115,4 +93,4 @@ server {
     server_name element.example.com;
     listen 80;
     return 404; # managed by Certbot
-}
+}

group_vars/matrix_servers

@@ -38,9 +38,6 @@ matrix_playbook_reverse_proxy_hostname: "{{ devture_traefik_identifier if devtur
 # A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [devture_traefik_config_entrypoint_web_port, devture_traefik_config_entrypoint_web_secure_port] }}"
 
-# We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled.
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ devture_traefik_config_entrypoint_web_secure_http3_enabled }}"
-
 # `devture_traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not.
 # `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not,
 # and affects how services configure their public URLs.
@@ -84,8 +81,6 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_appservice_draupnir_for_all_config_path + '/draupnir-for-all-registration.yaml,dst=/matrix-appservice-draupnir-for-all-registration.yaml,ro'] if matrix_appservice_draupnir_for_all_enabled else [])
     +
-    (['--mount type=bind,src=' + matrix_appservice_double_puppet_config_path + '/registration.yaml,dst=/matrix-appservice-double-puppet-registration.yaml,ro'] if matrix_appservice_double_puppet_enabled else [])
-    +
     (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
@@ -98,8 +93,6 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
     +
-    (['--mount type=bind,src=' + matrix_wechat_config_path + '/registration.yaml,dst=/matrix-wechat-registration.yaml,ro'] if matrix_wechat_enabled else [])
-    +
     (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
@@ -157,8 +150,6 @@ matrix_homeserver_app_service_config_files_auto: |
     +
     (['/matrix-appservice-draupnir-for-all-registration.yaml'] if matrix_appservice_draupnir_for_all_enabled else [])
     +
-    (['/matrix-appservice-double-puppet-registration.yaml'] if matrix_appservice_double_puppet_enabled else [])
-    +
     (['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
     +
     (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
@@ -171,8 +162,6 @@ matrix_homeserver_app_service_config_files_auto: |
     +
     (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
     +
-    (['/matrix-wechat-registration.yaml'] if matrix_wechat_enabled else [])
-    +
     (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
     +
     (['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
@@ -271,8 +260,6 @@ devture_systemd_service_manager_services_list_auto: |
   {{
     ([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
     +
-    ([{'name': 'matrix-alertmanager-receiver.service', 'priority': 2200, 'groups': ['matrix', 'alertmanager-receiver']}] if matrix_alertmanager_receiver_enabled else [])
-    +
     ([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron', 'bot-buscarron']}] if matrix_bot_buscarron_enabled else [])
     +
     ([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb']}] if matrix_bot_go_neb_enabled else [])
@@ -311,10 +298,6 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
     +
-    ([{'name': 'matrix-wechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
-    +
-    ([{'name': 'matrix-wechat-agent.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'wechat']}] if matrix_wechat_enabled else [])
-    +
     ([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else [])
     +
     ([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot', 'bridge-hookshot']}] if matrix_hookshot_enabled else [])
@@ -445,8 +428,6 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
     +
-    ([{'name': (matrix_synapse_usage_exporter_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'synapse-usage-exporter']}] if matrix_synapse_usage_exporter_enabled else [])
-    +
     ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'synapse-reverse-proxy-companion', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
     +
     ([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
@@ -525,7 +506,7 @@ docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}
 #
 ######################################################################
 
-matrix_identity_server_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
+matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 
 matrix_homeserver_systemd_services_list: |-
   {{
@@ -566,54 +547,6 @@ matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if m
 ######################################################################
 
 
-######################################################################
-#
-# matrix-alertmanager-receiver
-#
-######################################################################
-
-# We don't enable this by default.
-matrix_alertmanager_receiver_enabled: false
-
-matrix_alertmanager_receiver_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
-
-matrix_alertmanager_receiver_container_network: "{{ matrix_addons_container_network }}"
-
-matrix_alertmanager_receiver_container_additional_networks_auto: |-
-  {{
-    (
-      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      +
-      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_alertmanager_receiver_container_labels_traefik_enabled) else [])
-    ) | unique
-  }}
-
-matrix_alertmanager_receiver_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
-matrix_alertmanager_receiver_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
-matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
-
-matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
-matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
-
-matrix_alertmanager_receiver_systemd_required_services_list_auto: "{{ matrix_addons_homeserver_systemd_services_list }}"
-
-matrix_alertmanager_receiver_config_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
-
-matrix_alertmanager_receiver_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
-
-matrix_alertmanager_receiver_metrics_proxying_enabled: "{{ matrix_alertmanager_receiver_config_http_metrics_enabled and matrix_metrics_exposure_enabled }}"
-matrix_alertmanager_receiver_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
-matrix_alertmanager_receiver_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-alertmanager-receiver"
-
-######################################################################
-#
-# /matrix-alertmanager-receiver
-#
-######################################################################
-
-
-
 ######################################################################
 #
 # matrix-bridge-appservice-discord
@@ -902,16 +835,7 @@ matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_beeper_linkedin_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_beeper_linkedin_login_shared_secret: |-
+matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    if matrix_appservice_double_puppet_enabled
-    else (
-      matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else ""
-    )
-  }}
 
 matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
 
@@ -1008,18 +932,7 @@ matrix_mautrix_discord_homeserver_address: "{{ matrix_addons_homeserver_client_a
 matrix_mautrix_discord_homeserver_public_address: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}"
 matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_discord_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ({
-      matrix_mautrix_discord_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
-    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_discord_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else {}
-    )
-  }}
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
@@ -1067,23 +980,13 @@ matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_gener
 matrix_mautrix_slack_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_slack_double_puppet_secrets_auto: |-
+matrix_mautrix_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    {
-      matrix_mautrix_slack_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    }
-    if matrix_appservice_double_puppet_enabled
-    else {}
-  }}
 
 # Postgres is the default, except if not using internal Postgres server
 matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_mautrix_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_slack_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.prov', rounds=655555) | to_uuid }}"
-matrix_mautrix_slack_public_media_signing_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.pmed', rounds=655555) | to_uuid }}"
-
 ######################################################################
 #
 # /matrix-bridge-mautrix-slack
@@ -1213,16 +1116,7 @@ matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_
 matrix_mautrix_googlechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_googlechat_login_shared_secret: |-
+matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    if matrix_appservice_double_puppet_enabled
-    else (
-      matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else ""
-    )
-  }}
 
 matrix_mautrix_googlechat_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1421,14 +1315,7 @@ matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_gene
 
 matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_signal_double_puppet_secrets_auto: |-
+matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    {
-      matrix_mautrix_signal_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    }
-    if matrix_appservice_double_puppet_enabled
-    else {}
-  }}
 
 matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1440,9 +1327,6 @@ matrix_mautrix_signal_database_engine: "{{ 'postgres' if devture_postgres_enable
 matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_signal_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.prov', rounds=655555) | to_uuid }}"
-matrix_mautrix_signal_public_media_signing_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.pmed', rounds=655555) | to_uuid }}"
-
 ######################################################################
 #
 # /matrix-bridge-mautrix-signal
@@ -1495,18 +1379,7 @@ matrix_mautrix_meta_messenger_homeserver_address: "{{ matrix_addons_homeserver_c
 
 matrix_mautrix_meta_messenger_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.fb.hs', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_meta_messenger_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ({
-      matrix_mautrix_meta_messenger_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
-    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_meta_messenger_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else {}
-    )
-  }}
 
 matrix_mautrix_meta_messenger_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1573,18 +1446,7 @@ matrix_mautrix_meta_instagram_homeserver_address: "{{ matrix_addons_homeserver_c
 
 matrix_mautrix_meta_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.meta.ig.hs', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_meta_instagram_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ({
-      matrix_mautrix_meta_instagram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
-    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_meta_instagram_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else {}
-    )
-  }}
 
 matrix_mautrix_meta_instagram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1658,18 +1520,7 @@ matrix_mautrix_telegram_homeserver_domain: "{{ matrix_domain }}"
 matrix_mautrix_telegram_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_telegram_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ({
-      matrix_mautrix_telegram_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
-    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_telegram_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else {}
-    )
-  }}
 
 matrix_mautrix_telegram_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1732,18 +1583,7 @@ matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_gen
 matrix_mautrix_twitter_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_twitter_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ({
-      matrix_mautrix_twitter_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
-    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_twitter_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else {}
-    )
-  }}
 
 matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1804,16 +1644,7 @@ matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_g
 matrix_mautrix_gmessages_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_gmessages_login_shared_secret: |-
+matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    if matrix_appservice_double_puppet_enabled
-    else (
-      matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else ""
-    )
-  }}
 
 matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -1882,57 +1713,6 @@ matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_hom
 #
 ######################################################################
 
-######################################################################
-#
-# matrix-bridge-wechat
-#
-######################################################################
-
-# We don't enable bridges by default.
-matrix_wechat_enabled: false
-
-matrix_wechat_systemd_required_services_list_auto: |
-  {{
-    matrix_addons_homeserver_systemd_services_list
-    +
-    ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else [])
-  }}
-
-matrix_wechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
-
-matrix_wechat_agent_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
-
-matrix_wechat_container_network: "{{ matrix_addons_container_network }}"
-
-matrix_wechat_container_additional_networks_auto: |-
-  {{
-    (
-      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      +
-      ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname and matrix_wechat_container_network != devture_postgres_container_network) else [])
-    ) | unique
-  }}
-
-matrix_wechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.as.token', rounds=655555) | to_uuid }}"
-
-matrix_wechat_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
-matrix_wechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.hs.token', rounds=655555) | to_uuid }}"
-
-matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-
-matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}"
-
-# Postgres is the default, except if not using internal Postgres server
-matrix_wechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
-matrix_wechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
-matrix_wechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gowechat.db', rounds=655555) | to_uuid }}"
-
-######################################################################
-#
-# /matrix-bridge-wechat
-#
-######################################################################
-
 ######################################################################
 #
 # matrix-bridge-mautrix-whatsapp
@@ -1977,18 +1757,7 @@ matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_ge
 matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
 
-matrix_mautrix_whatsapp_bridge_login_shared_secret_map_auto: |-
+matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
-  {{
-    ({
-      matrix_mautrix_whatsapp_homeserver_domain: ("as_token:" + matrix_appservice_double_puppet_registration_as_token)
-    })
-    if matrix_appservice_double_puppet_enabled
-    else (
-      {matrix_mautrix_whatsapp_homeserver_domain: matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret}
-      if matrix_synapse_ext_password_provider_shared_secret_auth_enabled
-      else {}
-    )
-  }}
 
 matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
 
@@ -2051,8 +1820,6 @@ matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_
 # We don't enable bridges by default.
 matrix_heisenbridge_enabled: false
 
-matrix_heisenbridge_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_heisenbridge_systemd_required_services_list_auto: |
   {{
     matrix_addons_homeserver_systemd_services_list
@@ -2062,18 +1829,9 @@ matrix_heisenbridge_container_network: "{{ matrix_addons_container_network }}"
 
 matrix_heisenbridge_container_additional_networks_auto: |-
   {{
-    (
+    ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      +
-      [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_heisenbridge_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else []
-    ) | unique
   }}
 
-matrix_heisenbridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
-matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
-matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
-
 matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"
 
 matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"
@@ -2155,8 +1913,8 @@ matrix_hookshot_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_p
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 matrix_hookshot_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
 
-matrix_hookshot_public_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
+matrix_hookshot_urlprefix: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_server_fqn_matrix }}"
 
 ######################################################################
 #
@@ -2919,8 +2677,6 @@ matrix_bot_mjolnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_u
 # We don't enable bots by default.
 matrix_bot_draupnir_enabled: false
 
-matrix_bot_draupnir_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8769') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
-
 matrix_bot_draupnir_systemd_required_services_list_auto: |
   {{
     matrix_addons_homeserver_systemd_services_list
@@ -2934,25 +2690,12 @@ matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}"
 
 matrix_bot_draupnir_container_additional_networks_auto: |-
   {{
-    (
+    ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      ([] if matrix_addons_homeserver_container_network == '' else
-        [matrix_addons_homeserver_container_network])
-      +
-      ([matrix_playbook_reverse_proxyable_services_additional_network] if
-        (matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_draupnir_container_labels_traefik_enabled) else [])
-      +
-      ([matrix_pantalaimon_container_network] if (matrix_bot_draupnir_pantalaimon_use and matrix_pantalaimon_container_network != matrix_bot_draupnir_container_network) else [])
-    ) | unique
   }}
 
 matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
 matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
 
-matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
-matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
-matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
-
 ######################################################################
 #
 # /matrix-bot-draupnir
@@ -3002,24 +2745,6 @@ matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_h
 ######################################################################
 
 
-######################################################################
-#
-# matrix-appservice-double-puppet
-#
-######################################################################
-
-matrix_appservice_double_puppet_enabled: false
-
-matrix_appservice_double_puppet_registration_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.doub.pup', rounds=655555) | to_uuid }}"
-matrix_appservice_double_puppet_registration_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hs.doub.pup', rounds=655555) | to_uuid }}"
-
-######################################################################
-#
-# /matrix-appservice-double-puppet
-#
-######################################################################
-
-
 ######################################################################
 #
 # matrix-pantalaimon
@@ -3089,7 +2814,7 @@ backup_borg_location_exclude_patterns: |
 
 backup_borg_systemd_required_services_list: |
   {{
-    [devture_systemd_docker_base_docker_service_name]
+    ['docker.service']
     +
     ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
@@ -3198,8 +2923,6 @@ matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_rev
 matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
-matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"
 
 matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
@@ -3306,7 +3029,7 @@ matrix_coturn_container_additional_volumes: |
 
 matrix_coturn_systemd_required_services_list: |
   {{
-    [devture_systemd_docker_base_docker_service_name]
+    ['docker.service']
     +
     ([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
   }}
@@ -3357,7 +3080,7 @@ matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_
 
 matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}"
 matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
-matrix_dimension_homeserver_mediaUrl: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
+matrix_dimension_homeserver_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
 
 # Dimension depends both on `matrix_addons_homeserver_systemd_services_list` and on the homeserver service,
 # because `matrix_dimension_homeserver_clientServerUrl` and `matrix_dimension_homeserver_federationUrl` are potentially
@@ -3424,7 +3147,7 @@ etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certReso
 
 etherpad_systemd_required_services_list: |
   {{
-    [devture_systemd_docker_base_docker_service_name]
+    ['docker.service']
     +
     ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
   }}
@@ -3767,15 +3490,6 @@ matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik
 matrix_media_repo_container_labels_traefik_internal_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
 matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
 
-matrix_media_repo_container_labels_traefik_internal_matrix_client_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
-matrix_media_repo_container_labels_traefik_internal_matrix_client_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
-
-matrix_media_repo_metrics_proxying_enabled: "{{ matrix_media_repo_metrics_enabled and matrix_metrics_exposure_enabled }}"
-matrix_media_repo_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
-matrix_media_repo_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-media-repo"
-matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
-matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
-
 matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_media_repo_database_username: matrix_media_repo
 matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}"
@@ -3788,11 +3502,6 @@ matrix_media_repo_systemd_required_services_list_auto: |
     ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname else [])
   }}
 
-matrix_media_repo_generate_signing_key: "{{ matrix_homeserver_implementation == 'synapse' or matrix_homeserver_implementation == 'dendrite'}}"
-matrix_media_repo_homeserver_signing_key: "{{ matrix_media_repo_synapse_signing_key if matrix_homeserver_implementation == 'synapse' else (matrix_media_repo_dendrite_signing_key if matrix_homeserver_implementation == 'dendrite' else '') }}"
-matrix_media_repo_synapse_signing_key: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key"
-matrix_media_repo_dendrite_signing_key: "{{ matrix_dendrite_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.pem"
-
 # Auto configured server setup by the playbook
 matrix_media_repo_homeservers_auto:
   -  # Keep the dash from this line.
@@ -3814,11 +3523,6 @@ matrix_media_repo_homeservers_auto:
     # to "matrix", most functionality requiring the admin API will not work.
     adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}"
 
-    # The signing key to use for authorizing outbound federation requests. If not specified,
-    # requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/
-    # for details.
-    signingKeyPath: "{{ '/config/' + matrix_media_repo_identifier + '.signing.key' if matrix_media_repo_generate_signing_key else '' }}"
-
 matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"
 
 ######################################################################
@@ -3988,12 +3692,6 @@ devture_postgres_managed_databases_auto: |
       'password': matrix_go_skype_bridge_database_password,
     }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else [])
     +
-    ([{
-      'name': matrix_wechat_database_name,
-      'username': matrix_wechat_database_username,
-      'password': matrix_wechat_database_password,
-    }] if (matrix_wechat_enabled and matrix_wechat_database_engine == 'postgres' and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else [])
-    +
     ([{
       'name': matrix_mautrix_facebook_database_name,
       'username': matrix_mautrix_facebook_database_username,
@@ -4321,8 +4019,6 @@ keydb_arch: |-
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
 matrix_client_element_enabled: true
 
-matrix_client_element_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 matrix_client_element_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4349,7 +4045,7 @@ matrix_client_element_self_check_validate_certificates: "{{ matrix_playbook_ssl_
 
 matrix_client_element_registration_enabled: "{{ matrix_synapse_enable_registration }}"
 
-matrix_client_element_enable_presence_by_hs_url: |-
+matrix_client_element_enable_presence_by_hs_url: |
   {{
     none
     if matrix_synapse_presence_enabled
@@ -4372,7 +4068,7 @@ matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jit
 
 matrix_client_hydrogen_enabled: false
 
-matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
 
 matrix_client_hydrogen_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8768') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
 
@@ -4385,8 +4081,6 @@ matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playb
 matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
-matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"
 
 matrix_client_hydrogen_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
@@ -4418,8 +4112,6 @@ matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
-matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"
 
 matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
@@ -4438,8 +4130,6 @@ matrix_client_cinny_self_check_validate_certificates: "{{ matrix_playbook_ssl_en
 
 matrix_client_schildichat_enabled: false
 
-matrix_client_schildichat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
 
 matrix_client_schildichat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8765') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
@@ -4466,7 +4156,7 @@ matrix_client_schildichat_self_check_validate_certificates: "{{ matrix_playbook_
 
 matrix_client_schildichat_registration_enabled: "{{ matrix_synapse_enable_registration }}"
 
-matrix_client_schildichat_enable_presence_by_hs_url: |-
+matrix_client_schildichat_enable_presence_by_hs_url: |
   {{
     none
     if matrix_synapse_presence_enabled
@@ -4629,10 +4319,6 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_
 # Disable creation of media repository Synapse worker when using media-repo
 matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
 
-# Enable Synapse statistics reporting when using synapse-usage-exporter
-matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
-matrix_synapse_report_stats_endpoint: "http://{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}/report-usage-stats/push"
-
 ######################################################################
 #
 # /matrix-synapse
@@ -4649,11 +4335,6 @@ matrix_synapse_report_stats_endpoint: "http://{{ matrix_synapse_usage_exporter_i
 # Not enabled by default, for now
 matrix_synapse_auto_compressor_enabled: false
 
-matrix_synapse_auto_compressor_uid: "{{ matrix_user_uid }}"
-matrix_synapse_auto_compressor_gid: "{{ matrix_user_gid }}"
-
-matrix_synapse_auto_compressor_postgres_image: "{{ devture_postgres_container_image_to_use }}"
-
 matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
 
 matrix_synapse_auto_compressor_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == devture_postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}"
@@ -4770,28 +4451,6 @@ matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_trae
 #
 ######################################################################
 
-######################################################################
-#
-# matrix-synapse-usage-exporter
-#
-######################################################################
-
-matrix_synapse_usage_exporter_enabled: false
-
-matrix_synapse_usage_exporter_container_network: "{{ matrix_monitoring_container_network }}"
-
-matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
-
-matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
-matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
-matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
-
-######################################################################
-#
-# /matrix-synapse-usage-exporter
-#
-######################################################################
 
 ######################################################################
 #
@@ -4950,8 +4609,6 @@ prometheus_container_additional_networks_auto: |
       ([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
       +
       ([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
-      +
-      ([matrix_synapse_usage_exporter_container_network] if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled and matrix_synapse_usage_exporter_container_network != prometheus_container_network else [])
     ) | unique
   }}
 
@@ -4976,8 +4633,6 @@ prometheus_config_scrape_configs_auto: |
     (matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
     +
     (matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
-    +
-    (matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled else [])
   }}
 
 ######################################################################
@@ -5016,9 +4671,6 @@ matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ m
 matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
 matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"
 
-matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled: "{{ matrix_synapse_usage_exporter_enabled }}"
-matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target: "{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}"
-
 ######################################################################
 #
 # /matrix-prometheus-services-connect
@@ -5068,9 +4720,6 @@ grafana_provisioning_datasources: |
       'type': 'prometheus',
       'access': 'proxy',
       'url': ('http://' + prometheus_identifier + ':9090'),
-      'jsonData': {
-        'timeInterval': prometheus_config_global_scrape_interval,
-      }
     }] if prometheus_enabled else [])
   }}
 
@@ -5085,8 +4734,6 @@ grafana_dashboard_download_urls: |
     (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
     +
     (matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
-    +
-    (matrix_synapse_usage_exporter_dashboard_urls if matrix_synapse_usage_exporter_enabled else [])
   }}
 
 grafana_provisioning_dashboard_template_files: |
@@ -5095,6 +4742,11 @@ grafana_provisioning_dashboard_template_files: |
         'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
         'name': 'nginx-proxy.json',
     }] if matrix_prometheus_nginxlog_exporter_enabled else [])
+    +
+    ([{
+        'path': 'roles/custom/matrix-media-repo/templates/grafana/media-repo.json',
+        'name': 'media-repo.json',
+    }] if matrix_media_repo_metrics_enabled else [])
   }}
 
 grafana_default_home_dashboard_path: |-
@@ -5152,7 +4804,7 @@ matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_registration_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_registration_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
-matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
+matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}"
 
 matrix_registration_shared_secret: |-
   {{
@@ -5214,9 +4866,6 @@ matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
-matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
-matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
-
 matrix_sliding_sync_systemd_required_services_list_auto: |
   {{
     matrix_homeserver_systemd_services_list
@@ -5230,13 +4879,7 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix
 matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"
 
-matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
+######################################################################
-
-matrix_sliding_sync_metrics_proxying_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_metrics_exposure_enabled }}"
-matrix_sliding_sync_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
-matrix_sliding_sync_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/sliding-sync"
-
-#####################################################################
 #
 # /matrix-sliding-sync
 #
@@ -5447,12 +5090,6 @@ matrix_user_creator_users_auto: |
       'initial_password': matrix_bot_buscarron_password,
       'initial_type': 'bot',
     }] if matrix_bot_buscarron_enabled else [])
-    +
-    ([{
-      'username': matrix_bot_maubot_login,
-      'initial_password': matrix_bot_maubot_initial_password,
-      'initial_type': 'bot',
-    }] if matrix_bot_maubot_enabled else [])
   }}
 
 ######################################################################
@@ -5472,7 +5109,7 @@ matrix_user_verification_service_enabled: false
 
 matrix_user_verification_service_systemd_required_services_list: |
   {{
-    [devture_systemd_docker_base_docker_service_name]
+    ['docker.service']
     +
     (['matrix-' + matrix_homeserver_implementation + '.service'])
   }}
@@ -5534,19 +5171,17 @@ matrix_static_files_container_labels_base_domain_traefik_hostname: "{{ matrix_do
 
 # If we're not serving a static webpage, serve a redirect instead of a 404.
 matrix_static_files_container_labels_base_domain_root_path_redirection_enabled: "{{ not matrix_static_files_file_index_html_enabled }}"
-matrix_static_files_container_labels_base_domain_root_path_redirection_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix }}"
+matrix_static_files_container_labels_base_domain_root_path_redirection_url: "https://{{ matrix_server_fqn_matrix }}"
 
 matrix_static_files_file_matrix_client_property_io_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
 
 matrix_static_files_file_matrix_client_property_org_matrix_msc3575_proxy_url: "{{ matrix_homeserver_sliding_sync_url }}"
 
 matrix_static_files_file_matrix_client_property_m_tile_server_entries_enabled: "{{ matrix_client_element_location_sharing_enabled }}"
-matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "{{ ('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element }}/map_style.json"
+matrix_static_files_file_matrix_client_property_m_tile_server_map_style_url: "https://{{ matrix_server_fqn_element }}/map_style.json"
 
 matrix_static_files_file_matrix_server_property_m_server: "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
 
-matrix_static_files_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
-
 matrix_static_files_self_check_hostname_matrix: "{{ matrix_server_fqn_matrix }}"
 matrix_static_files_self_check_hostname_identity: "{{ matrix_domain }}"
 
@@ -5613,7 +5248,7 @@ devture_traefik_container_additional_networks_auto: |
 
 devture_traefik_systemd_required_services_list: |
   {{
-    ([devture_systemd_docker_base_docker_service_name])
+    (['docker.service'])
     +
     ([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
   }}

justfile

@@ -5,7 +5,6 @@ default:
 # Pulls external Ansible roles
 roles:
     #!/usr/bin/env sh
-    echo "[NOTE] This command just updates the roles, but if you want to update everything at once (playbook, roles, etc.) - use 'just update'"
     if [ -x "$(command -v agru)" ]; then
     	agru
     else
@@ -13,25 +12,9 @@ roles:
     	ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
     fi
 
-# Updates the playbook and installs the necessary Ansible roles pinned in requirements.yml. If a -u flag is passed, also updates the requirements.yml file with new role versions (if available)
+# Updates requirements.yml if there are any new tags available. Requires agru
-update *flags: update-playbook-only
+update:
-    #!/usr/bin/env sh
+    @agru -u
-    if [ -x "$(command -v agru)" ]; then
-        echo {{ if flags == "" { "Installing roles pinned in requirements.yml..." } else if flags == "-u" { "Updating roles and pinning new versions in requirements.yml..." } else { "Unknown flags passed" } }}
-        agru {{ flags }}
-    else
-        echo "[NOTE] You are using the standard ansible-galaxy tool to install roles, which is slow and lacks other features. We recommend installing the 'agru' tool to speed up the process: https://github.com/etkecc/agru#where-to-get"
-        echo "Installing roles..."
-        rm -rf roles/galaxy
-        ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
-    fi
-
-# Updates the playbook without installing/updating Ansible roles
-update-playbook-only:
-    @echo "Updating playbook..."
-    @git stash -q
-    @git pull -q
-    @-git stash pop -q
 
 # Runs ansible-lint against all roles in the playbook
 lint:

requirements.yml

@@ -3,35 +3,35 @@
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
   version: v1.0.0-3
   name: auxiliary
-- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
+- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
-  version: v1.2.8-1.8.13-0
+  version: v1.2.8-1.8.9-0
   name: backup_borg
 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
-  version: v0.2.0-0
+  version: v0.1.2-1
   name: container_socket_proxy
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.3.0
+  version: 7.1.0
   name: docker
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
   version: 129c8590e106b83e6f4c259649a613c6279e937a
   name: docker_sdk_for_python
-- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
+- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
-  version: v2.2.2-0
+  version: v2.0.3-0
   name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
-  version: v4.98-r0-1-0
+  version: v4.97.1-r0-0-2
   name: exim_relay
-- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
+- src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v11.1.4-0
+  version: v11.0.0-0
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
-  version: v9646-0
+  version: v9457-3
   name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
-  version: v6.3.4-2
+  version: v6.3.4-1
   name: keydb
-- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
+- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
-  version: v2.10.0-1
+  version: v2.10.0-0
   name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
   version: 201c939eed363de269a83ba29784fc3244846048
@@ -43,25 +43,25 @@
   version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
   name: playbook_state_preserver
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
-  version: v16.3-2
+  version: v16.3-0
   name: postgres
 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
-  version: 8c3585fb4857dbac026b2974bb6525289240effb
+  version: 046004a8cb9946979b72ce81c2526c8033ea8067
   name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v2.54.0-0
+  version: v2.52.0-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.8.2-0
+  version: v1.8.0-0
   name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
-  version: v0.14.0-5
+  version: v0.14.0-4
   name: prometheus_postgres_exporter
-- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-redis.git
+- src: git+https://gitlab.com/etke.cc/roles/redis.git
-  version: v7.2.5-0
+  version: v7.2.4-0
   name: redis
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
-  version: v1.2.0-0
+  version: v1.1.0-0
   name: systemd_docker_base
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
   version: v1.0.0-4
@@ -70,8 +70,8 @@
   version: v1.0.0-0
   name: timesync
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: v3.1.2-0
+  version: v2.11.2-0
   name: traefik
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
-  version: v2.8.3-4
+  version: v2.8.3-1
   name: traefik_certs_dumper

roles/custom/matrix-alertmanager-receiver/defaults/main.yml

@@ -1,241 +0,0 @@
----
-
-# matrix-alertmanager-receiver is a service which receives webhook payloads from Prometheus' Alertmanager and forwards them to a Matrix room.
-# Project source code URL: https://github.com/metio/matrix-alertmanager-receiver
-
-matrix_alertmanager_receiver_enabled: true
-
-# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2024.8.21
-
-matrix_alertmanager_receiver_scheme: https
-
-# The hostname at which matrix-alertmanager-receiver is served.
-matrix_alertmanager_receiver_hostname: ''
-
-# The path at which matrix-alertmanager-receiver is served.
-# This value must either be `/` or not end with a slash (e.g. `/matrix-alertmanager-receiver`).
-matrix_alertmanager_receiver_path_prefix: /
-
-matrix_alertmanager_receiver_base_path: "{{ matrix_base_data_path }}/alertmanager-receiver"
-matrix_alertmanager_receiver_config_path: "{{ matrix_alertmanager_receiver_base_path }}/config"
-
-matrix_alertmanager_receiver_container_image_self_build: false
-matrix_alertmanager_receiver_container_image_self_build_repo: https://github.com/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_container_image_self_build_repo_version: "{{ 'main' if matrix_alertmanager_receiver_version == 'main' else matrix_alertmanager_receiver_version }}"
-matrix_alertmanager_receiver_container_src_path: "{{ matrix_alertmanager_receiver_base_path }}/container-src"
-
-matrix_alertmanager_receiver_container_image: "{{ matrix_alertmanager_receiver_container_image_name_prefix }}metio/matrix-alertmanager-receiver:{{ matrix_alertmanager_receiver_container_image_tag }}"
-matrix_alertmanager_receiver_container_image_name_prefix: "{{ 'localhost/' if matrix_alertmanager_receiver_container_image_self_build else matrix_alertmanager_receiver_container_image_registry_prefix }}"
-matrix_alertmanager_receiver_container_image_tag: "{{ matrix_alertmanager_receiver_version }}"
-matrix_alertmanager_receiver_container_image_force_pull: "{{ matrix_alertmanager_receiver_container_image.endswith(':main') }}"
-matrix_alertmanager_receiver_container_image_registry_prefix: docker.io/
-
-# The base container network. It will be auto-created by this role if it doesn't exist already.
-matrix_alertmanager_receiver_container_network: ''
-
-# A list of additional container networks that the container would be connected to.
-# The role does not create these networks, so make sure they already exist.
-matrix_alertmanager_receiver_container_additional_networks: "{{ matrix_alertmanager_receiver_container_additional_networks_default + matrix_alertmanager_receiver_container_additional_networks_auto + matrix_alertmanager_receiver_container_additional_networks_custom }}"
-matrix_alertmanager_receiver_container_additional_networks_default: []
-matrix_alertmanager_receiver_container_additional_networks_auto: []
-matrix_alertmanager_receiver_container_additional_networks_custom: []
-
-# Controls whether matrix-alertmanager-receiver metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/matrix-alertmanager-receiver`
-matrix_alertmanager_receiver_metrics_proxying_enabled: false
-matrix_alertmanager_receiver_metrics_proxying_hostname: ''
-matrix_alertmanager_receiver_metrics_proxying_path: /metrics/matrix-alertmanager-receiver
-
-# matrix_alertmanager_receiver_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
-# See `../templates/labels.j2` for details.
-#
-# To inject your own other container labels, see `matrix_alertmanager_receiver_container_labels_additional_labels`.
-matrix_alertmanager_receiver_container_labels_traefik_enabled: true
-matrix_alertmanager_receiver_container_labels_traefik_docker_network: "{{ matrix_alertmanager_receiver_container_network }}"
-matrix_alertmanager_receiver_container_labels_traefik_hostname: "{{ matrix_alertmanager_receiver_hostname }}"
-# The path prefix must either be `/` or not end with a slash (e.g. `/matrix-alertmanager-receiver`).
-matrix_alertmanager_receiver_container_labels_traefik_path_prefix: "{{ matrix_alertmanager_receiver_path_prefix }}"
-matrix_alertmanager_receiver_container_labels_traefik_rule: "Host(`{{ matrix_alertmanager_receiver_container_labels_traefik_hostname }}`){% if matrix_alertmanager_receiver_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_alertmanager_receiver_container_labels_traefik_path_prefix }}`){% endif %}"
-matrix_alertmanager_receiver_container_labels_traefik_priority: 0
-matrix_alertmanager_receiver_container_labels_traefik_entrypoints: web-secure
-matrix_alertmanager_receiver_container_labels_traefik_tls: "{{ matrix_alertmanager_receiver_container_labels_traefik_entrypoints != 'web' }}"
-matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: default  # noqa var-naming
-
-# Controls whether labels will be added that expose metrics (see `matrix_alertmanager_receiver_metrics_proxying_enabled`) for matrix-alertmanager-receiver
-matrix_alertmanager_receiver_container_labels_public_metrics_enabled: "{{ matrix_alertmanager_receiver_metrics_enabled and matrix_alertmanager_receiver_metrics_proxying_enabled }}"
-matrix_alertmanager_receiver_container_labels_public_metrics_traefik_path: "{{ matrix_alertmanager_receiver_metrics_proxying_path }}"
-matrix_alertmanager_receiver_container_labels_public_metrics_traefik_rule: "Host(`{{ matrix_alertmanager_receiver_metrics_proxying_hostname }}`) && Path(`{{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_path }}`)"
-matrix_alertmanager_receiver_container_labels_public_metrics_traefik_priority: 0
-matrix_alertmanager_receiver_container_labels_public_metrics_traefik_entrypoints: "{{ matrix_alertmanager_receiver_container_labels_traefik_entrypoints }}"
-matrix_alertmanager_receiver_container_labels_public_metrics_traefik_tls: "{{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_entrypoints != 'web' }}"
-matrix_alertmanager_receiver_container_labels_public_metrics_traefik_tls_certResolver: "{{ matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-matrix_alertmanager_receiver_container_labels_public_metrics_middleware_basic_auth_enabled: false
-# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
-matrix_alertmanager_receiver_container_labels_public_metrics_middleware_basic_auth_users: ''
-
-# matrix_alertmanager_receiver_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
-# See `../templates/labels.j2` for details.
-#
-# Example:
-# matrix_alertmanager_receiver_container_labels_additional_labels: |
-#   my.label=1
-#   another.label="here"
-matrix_alertmanager_receiver_container_labels_additional_labels: ''
-
-# A list of extra arguments to pass to the container
-matrix_alertmanager_receiver_container_extra_arguments: []
-
-# Controls the `--log-level` argument passed to the container process.
-# Valid values: error, warn, info, debug
-matrix_alertmanager_receiver_container_process_argument_log_level: info
-
-# A list of extra arguments to pass to the container process.
-matrix_alertmanager_receiver_container_process_extra_arguments: []
-
-# List of systemd services that matrix-alertmanager-receiver-proxy.service depends on
-matrix_alertmanager_receiver_systemd_required_services_list: "{{ matrix_alertmanager_receiver_systemd_required_services_list_default + matrix_alertmanager_receiver_systemd_required_services_list_auto + matrix_alertmanager_receiver_systemd_required_services_list_custom }}"
-matrix_alertmanager_receiver_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_alertmanager_receiver_systemd_required_services_list_auto: []
-matrix_alertmanager_receiver_systemd_required_services_list_custom: []
-
-# List of systemd services that matrix-alertmanager-receiver-proxy.service wants
-matrix_alertmanager_receiver_systemd_wanted_services_list: []
-
-# Controls the `http.port` configuration setting.
-matrix_alertmanager_receiver_config_http_port: 12345
-
-# Controls the `http.alerts-path-prefix` configuration setting.
-matrix_alertmanager_receiver_config_http_alerts_path_prefix: /alerts
-
-# Controls the `http.metrics-enabled` configuration setting.
-matrix_alertmanager_receiver_config_http_metrics_enabled: false
-
-# Controls the `http.metrics-path` configuration setting.
-matrix_alertmanager_receiver_config_http_metrics_path: /metrics
-
-# Controls the `matrix.homeserver-url` configuration setting.
-matrix_alertmanager_receiver_config_matrix_homeserver_url: ''
-
-# Controls the `matrix.user-id` configuration setting.
-matrix_alertmanager_receiver_config_matrix_user_id: "@{{ matrix_alertmanager_receiver_config_matrix_user_id_localpart }}:{{ matrix_domain }}"
-matrix_alertmanager_receiver_config_matrix_user_id_localpart: "bot.alertmanager.receiver"
-
-# Controls the `matrix.access-token` configuration setting.
-matrix_alertmanager_receiver_config_matrix_access_token: ''
-
-# Controls the `matrix.room-mapping` configuration setting.
-#
-# Example:
-# matrix_alertmanager_receiver_config_matrix_room:
-#   simple-name: "!qohfwef7qwerf:example.com"
-#   another-name: "!bf3zfio3wbanw:example.com"
-matrix_alertmanager_receiver_config_matrix_room_mapping: {}
-
-# Controls the `templating.external-url-mapping` configuration setting.
-#
-# The key is the original value taken from the Alertmanager payload
-# The value is the mapped value which will be available as '.ExternalURL' in templates
-#
-# Example:
-# matrix_alertmanager_receiver_config_templating_external_url_mapping:
-#   "http://alertmanager:9093": https://alertmanager.example.com
-#   "http://alertmanager:9094": https://another.alertmanager.example.com
-matrix_alertmanager_receiver_config_templating_external_url_mapping: {}
-
-# Controls the `templating.generator-url-mapping` configuration setting.
-#
-# The key is the original value taken from the Alertmanager payload
-# The value is the mapped value which will be available as '.ExternalURL' in templates
-#
-# Example:
-# matrix_alertmanager_receiver_config_templating_generator_url_mapping:
-#   "http://prometheus:8080": https://prometheus.example.com
-#   "http://prometheus:8081": https://another.prometheus.example.com
-matrix_alertmanager_receiver_config_templating_generator_url_mapping: {}
-
-# Controls the `templating.computed-values` configuration setting.
-matrix_alertmanager_receiver_config_templating_computed_values: "{{ matrix_alertmanager_receiver_config_templating_computed_values_default + matrix_alertmanager_receiver_config_templating_computed_values_auto + matrix_alertmanager_receiver_config_templating_computed_values_custom }}"
-matrix_alertmanager_receiver_config_templating_computed_values_default:
-  - values:  # always set 'color' to 'yellow'
-      color: yellow
-  - values:  # set 'color' to 'orange' when alert label 'severity' is 'warning'
-      color: orange
-    when-matching-labels:
-      severity: warning
-  - values:  # set 'color' to 'red' when alert label 'severity' is 'critical'
-      color: red
-    when-matching-labels:
-      severity: critical
-  - values:  # set 'color' to 'green' when alert status is 'resolved'
-      color: green
-    when-matching-status: resolved
-matrix_alertmanager_receiver_config_templating_computed_values_auto: []
-matrix_alertmanager_receiver_config_templating_computed_values_custom: []
-
-# Controls the `templating.firing-template` configuration setting.
-matrix_alertmanager_receiver_config_templating_firing_template: |-
-  {% raw %}
-  <p>
-    <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
-    {{ if .Alert.Labels.name }}
-      {{ .Alert.Labels.name }}
-    {{ else if .Alert.Labels.alertname }}
-      {{ .Alert.Labels.alertname }}
-    {{ end }}
-    >>
-    {{ if .Alert.Labels.severity }}
-      {{ .Alert.Labels.severity | ToUpper }}:
-    {{ end }}
-    {{ if .Alert.Annotations.description }}
-      {{ .Alert.Annotations.description }}
-    {{ else if .Alert.Annotations.summary }}
-      {{ .Alert.Annotations.summary }}
-    {{ end }}
-    >>
-    {{ if .Alert.Annotations.runbook_url }}
-      <a href="{{ .Alert.Annotations.runbook_url }}">Runbook</a> |
-    {{ end }}
-    {{ if .Alert.Annotations.dashboard }}
-      <a href="{{ .Alert.Annotations.dashboard }}">Dashboard</a> |
-    {{ end }}
-    <a href="{{ .SilenceURL }}">Silence</a>
-  </p>
-  {% endraw %}
-
-# Controls the `templating.resolved-template` configuration setting.
-matrix_alertmanager_receiver_config_templating_resolved_template: |-
-  {% raw %}
-  <strong><font color="{{ .ComputedValues.color }}">{{ .Alert.Status | ToUpper }}</font></strong>
-  {{ if .Alert.Labels.name }}
-    {{ .Alert.Labels.name }}
-  {{ else if .Alert.Labels.alertname }}
-    {{ .Alert.Labels.alertname }}
-  {{ end }}
-  {% endraw %}
-
-# Default matrix-alertmanager-receiver configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_alertmanager_receiver_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_alertmanager_receiver_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
-
-matrix_alertmanager_receiver_configuration_extension_yaml: |
-  # Your custom YAML configuration for matrix-alertmanager-receiver goes here.
-  # This configuration extends the default starting configuration (`matrix_alertmanager_receiver_configuration_yaml`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # completely redefining `matrix_alertmanager_receiver_configuration_yaml`.
-  #
-  # Example configuration extension follows:
-  #
-  # http:
-  #   address: ''
-
-matrix_alertmanager_receiver_configuration_extension: "{{ matrix_alertmanager_receiver_configuration_extension_yaml | from_yaml if matrix_alertmanager_receiver_configuration_extension_yaml | from_yaml is mapping else {} }}"
-
-# Holds the final matrix-alertmanager-receiver configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_alertmanager_receiver_configuration_yaml`.
-matrix_alertmanager_receiver_configuration: "{{ matrix_alertmanager_receiver_configuration_yaml | from_yaml | combine(matrix_alertmanager_receiver_configuration_extension, recursive=True) }}"

roles/custom/matrix-alertmanager-receiver/tasks/install.yml

@@ -1,80 +0,0 @@
----
-
-- name: Ensure matrix-alertmanager-receiver paths exist
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - path: "{{ matrix_alertmanager_receiver_base_path }}"
-      when: true
-    - path: "{{ matrix_alertmanager_receiver_config_path }}"
-      when: true
-    - path: "{{ matrix_alertmanager_receiver_container_src_path }}"
-      when: "{{ matrix_alertmanager_receiver_container_image_self_build }}"
-  when: item.when | bool
-
-- name: Ensure matrix-alertmanager-receiver configuration installed
-  ansible.builtin.copy:
-    content: "{{ matrix_alertmanager_receiver_configuration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_alertmanager_receiver_config_path }}/config.yml"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-
-- name: Ensure matrix-alertmanager-receiver support files installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_alertmanager_receiver_base_path }}/{{ item }}"
-    mode: 0640
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - labels
-
-- name: Ensure matrix-alertmanager-receiver container image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_alertmanager_receiver_container_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_alertmanager_receiver_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_alertmanager_receiver_container_image_force_pull }}"
-  when: "not matrix_alertmanager_receiver_container_image_self_build | bool"
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
-- when: matrix_alertmanager_receiver_container_image_self_build | bool
-  block:
-    - name: Ensure matrix-alertmanager-receiver repository is present on self-build
-      ansible.builtin.git:
-        repo: "{{ matrix_alertmanager_receiver_container_image_self_build_repo }}"
-        version: "{{ matrix_alertmanager_receiver_container_image_self_build_repo_version }}"
-        dest: "{{ matrix_alertmanager_receiver_container_src_path }}"
-        force: "yes"
-      become: true
-      become_user: "{{ matrix_user_username }}"
-      register: matrix_alertmanager_receiver_git_pull_results
-
-    - name: Ensure matrix-alertmanager-receiver container image is built
-      ansible.builtin.command:
-        cmd: |-
-          {{ devture_systemd_docker_base_host_command_docker }} buildx build
-          --tag={{ matrix_alertmanager_receiver_container_image }}
-          --file={{ matrix_alertmanager_receiver_container_src_path }}/contrib/Dockerfile
-          {{ matrix_alertmanager_receiver_container_src_path }}
-      changed_when: true
-
-- name: Ensure matrix-alertmanager-receiver container network is created
-  community.general.docker_network:
-    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
-    name: "{{ matrix_alertmanager_receiver_container_network }}"
-    driver: bridge
-
-- name: Ensure matrix-alertmanager-receiver.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-alertmanager-receiver.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-alertmanager-receiver.service"
-    mode: 0644

roles/custom/matrix-alertmanager-receiver/tasks/main.yml

@@ -1,20 +0,0 @@
----
-
-- tags:
-    - setup-all
-    - setup-alertmanager-receiver
-    - install-all
-    - install-alertmanager-receiver
-  block:
-    - when: matrix_alertmanager_receiver_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-
-    - when: matrix_alertmanager_receiver_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
-
-- tags:
-    - setup-all
-    - setup-alertmanager-receiver
-  block:
-    - when: not matrix_alertmanager_receiver_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"

roles/custom/matrix-alertmanager-receiver/tasks/uninstall.yml

@@ -1,25 +0,0 @@
----
-
-- name: Check existence of matrix-alertmanager-receiver service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-alertmanager-receiver.service"
-  register: matrix_alertmanager_receiver_service_stat
-
-- when: matrix_alertmanager_receiver_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-alertmanager-receiver is stopped
-      ansible.builtin.service:
-        name: matrix-alertmanager-receiver
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-alertmanager-receiver.service doesn't exist
-      ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-alertmanager-receiver.service"
-        state: absent
-
-    - name: Ensure matrix-alertmanager-receiver paths don't exist
-      ansible.builtin.file:
-        path: "{{ matrix_alertmanager_receiver_base_path }}"
-        state: absent

roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml

@@ -1,14 +0,0 @@
----
-- name: Fail if required matrix-alertmanager-receiver settings not defined
-  ansible.builtin.fail:
-    msg: >
-      You need to define a required configuration setting (`{{ item.name }}`).
-  when: "item.when | bool and vars[item.name] == ''"
-  with_items:
-    - {'name': 'matrix_alertmanager_receiver_hostname', when: true}
-    - {'name': 'matrix_alertmanager_receiver_path_prefix', when: true}
-    - {'name': 'matrix_alertmanager_receiver_config_matrix_homeserver_url', when: true}
-    - {'name': 'matrix_alertmanager_receiver_config_matrix_access_token', when: true}
-    - {'name': 'matrix_alertmanager_receiver_container_network', when: true}
-    - {'name': 'matrix_alertmanager_receiver_metrics_proxying_hostname', when: "{{ matrix_alertmanager_receiver_metrics_proxying_enabled }}"}
-    - {'name': 'matrix_alertmanager_receiver_metrics_proxying_path_prefix', when: "{{ matrix_alertmanager_receiver_metrics_proxying_enabled }}"}

roles/custom/matrix-alertmanager-receiver/templates/config.yml.j2

@@ -1,37 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-# configuration of the HTTP server
-http:
-  address: 0.0.0.0 # bind address for this service. Can be left unspecified to bind on all interfaces
-  port: {{ matrix_alertmanager_receiver_config_http_port | to_json }} # port used by this service
-  alerts-path-prefix: {{ matrix_alertmanager_receiver_config_http_alerts_path_prefix | to_json }} # URL path for the webhook receiver called by an Alertmanager. Defaults to /alerts
-  metrics-path: {{ matrix_alertmanager_receiver_config_http_metrics_path | to_json }} # URL path to collect metrics. Defaults to /metrics
-  metrics-enabled: {{ matrix_alertmanager_receiver_config_http_metrics_enabled | to_json }} # Whether to enable metrics or not. Defaults to false
-
-# configuration for the Matrix connection
-matrix:
-  homeserver-url: {{ matrix_alertmanager_receiver_config_matrix_homeserver_url | to_json }} # FQDN of the homeserver
-  user-id: {{ matrix_alertmanager_receiver_config_matrix_user_id | to_json }} # ID of the user used by this service
-  access-token: {{ matrix_alertmanager_receiver_config_matrix_access_token | to_json }} # Access token for the user ID
-  # define short names for Matrix room ID
-  room-mapping: {{ matrix_alertmanager_receiver_config_matrix_room_mapping | to_json }}
-
-# configuration of the templating features
-templating:
-  # mapping of ExternalURL values
-  # key is the original value taken from the Alertmanager payload
-  # value is the mapped value which will be available as '.ExternalURL' in templates
-  external-url-mapping: {{ matrix_alertmanager_receiver_config_templating_external_url_mapping | to_json }}
-  # mapping of GeneratorURL values
-  # key is the original value taken from the Alertmanager payload
-  # value is the mapped value which will be available as '.GeneratorURL' in templates
-  generator-url-mapping: {{ matrix_alertmanager_receiver_config_templating_generator_url_mapping | to_json }}
-
-  # computation of arbitrary values based on matching alert annotations, labels, or status
-  # values will be evaluated top to bottom, last entry wins
-  computed-values: {{ matrix_alertmanager_receiver_config_templating_computed_values | to_json }}
-
-  # template for alerts in status 'firing'
-  firing-template: {{ matrix_alertmanager_receiver_config_templating_firing_template | to_json }}
-
-  # template for alerts in status 'resolved', if not specified will use the firing-template
-  resolved-template: {{ matrix_alertmanager_receiver_config_templating_resolved_template | to_json }}

roles/custom/matrix-alertmanager-receiver/templates/labels.j2

@@ -1,69 +0,0 @@
-{% if matrix_alertmanager_receiver_container_labels_traefik_enabled %}
-traefik.enable=true
-
-{% if matrix_alertmanager_receiver_container_labels_traefik_docker_network %}
-traefik.docker.network={{ matrix_alertmanager_receiver_container_labels_traefik_docker_network }}
-{% endif %}
-
-traefik.http.services.matrix-alertmanager-receiver.loadbalancer.server.port={{ matrix_alertmanager_receiver_config_http_port }}
-
-{% set middlewares = [] %}
-
-{% if matrix_alertmanager_receiver_container_labels_traefik_path_prefix != '/' %}
-traefik.http.middlewares.matrix-alertmanager-receiver-slashless-redirect.redirectregex.regex=({{ matrix_alertmanager_receiver_container_labels_traefik_path_prefix | quote }})$
-traefik.http.middlewares.matrix-alertmanager-receiver-slashless-redirect.redirectregex.replacement=${1}/
-{% set middlewares = middlewares + ['matrix-alertmanager-receiver-slashless-redirect'] %}
-{% endif %}
-
-{% if matrix_alertmanager_receiver_container_labels_traefik_path_prefix != '/' %}
-traefik.http.middlewares.matrix-alertmanager-receiver-strip-prefix.stripprefix.prefixes={{ matrix_alertmanager_receiver_container_labels_traefik_path_prefix }}
-{% set middlewares = middlewares + ['matrix-alertmanager-receiver-strip-prefix'] %}
-{% endif %}
-
-traefik.http.routers.matrix-alertmanager-receiver.rule={{ matrix_alertmanager_receiver_container_labels_traefik_rule }}
-{% if matrix_alertmanager_receiver_container_labels_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-alertmanager-receiver.priority={{ matrix_alertmanager_receiver_container_labels_traefik_priority }}
-{% endif %}
-traefik.http.routers.matrix-alertmanager-receiver.service=matrix-alertmanager-receiver
-{% if middlewares | length > 0 %}
-traefik.http.routers.matrix-alertmanager-receiver.middlewares={{ middlewares | join(',') }}
-{% endif %}
-traefik.http.routers.matrix-alertmanager-receiver.entrypoints={{ matrix_alertmanager_receiver_container_labels_traefik_entrypoints }}
-traefik.http.routers.matrix-alertmanager-receiver.tls={{ matrix_alertmanager_receiver_container_labels_traefik_tls | to_json }}
-{% if matrix_alertmanager_receiver_container_labels_traefik_tls %}
-traefik.http.routers.matrix-alertmanager-receiver.tls.certResolver={{ matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver }}
-{% endif %}
-
-{% if matrix_alertmanager_receiver_container_labels_public_metrics_enabled %}
-{% set metrics_middlewares = [] %}
-
-{% if matrix_alertmanager_receiver_container_labels_public_metrics_middleware_basic_auth_enabled %}
-{% set metrics_middlewares = metrics_middlewares + ['matrix-alertmanager-receiver-metrics-basic-auth'] %}
-traefik.http.middlewares.matrix-alertmanager-receiver-metrics-basic-auth.basicauth.users={{ matrix_alertmanager_receiver_container_labels_public_metrics_middleware_basic_auth_users }}
-{% endif %}
-
-{% set metrics_middlewares = metrics_middlewares + ['matrix-alertmanager-receiver-metrics-replacepath'] %}
-traefik.http.middlewares.matrix-alertmanager-receiver-metrics-replacepath.replacepath.path={{ matrix_alertmanager_receiver_config_http_metrics_path }}
-
-traefik.http.routers.matrix-alertmanager-receiver-metrics.rule={{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_rule }}
-
-{% if metrics_middlewares | length > 0 %}
-traefik.http.routers.matrix-alertmanager-receiver-metrics.middlewares={{ metrics_middlewares | join(',') }}
-{% endif %}
-
-{% if matrix_alertmanager_receiver_container_labels_public_metrics_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-alertmanager-receiver-metrics.priority={{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-alertmanager-receiver-metrics.service=matrix-alertmanager-receiver
-traefik.http.routers.matrix-alertmanager-receiver-metrics.entrypoints={{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_entrypoints }}
-
-traefik.http.routers.matrix-alertmanager-receiver-metrics.tls={{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_tls | to_json }}
-{% if matrix_alertmanager_receiver_container_labels_public_metrics_traefik_tls %}
-traefik.http.routers.matrix-alertmanager-receiver-metrics.tls.certResolver={{ matrix_alertmanager_receiver_container_labels_public_metrics_traefik_tls_certResolver }}
-{% endif %}
-{% endif %}
-
-{% endif %}
-
-{{ matrix_alertmanager_receiver_container_labels_additional_labels }}

roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2

@@ -1,50 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-alertmanager-receiver
-{% for service in matrix_alertmanager_receiver_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_alertmanager_receiver_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-alertmanager-receiver 2>/dev/null || true'
-
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
-			--rm \
-			--name=matrix-alertmanager-receiver \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--network={{ matrix_alertmanager_receiver_container_network }} \
-			--mount type=bind,src={{ matrix_alertmanager_receiver_config_path }},dst=/config,ro \
-			--label-file={{ matrix_alertmanager_receiver_base_path }}/labels \
-			{% for arg in matrix_alertmanager_receiver_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_alertmanager_receiver_container_image }} \
-			--config-path=/config/config.yml {{ matrix_alertmanager_receiver_container_process_extra_arguments | join(' ') }} \
-			--log-level={{ matrix_alertmanager_receiver_container_process_argument_log_level }}
-
-{% for network in matrix_alertmanager_receiver_container_additional_networks %}
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-alertmanager-receiver
-{% endfor %}
-
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-alertmanager-receiver
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-alertmanager-receiver 2>/dev/null || true'
-
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-alertmanager-receiver
-
-[Install]
-WantedBy=multi-user.target

roles/custom/matrix-appservice-double-puppet/defaults/main.yml

@@ -1,40 +0,0 @@
----
-
-matrix_appservice_double_puppet_enabled: true
-
-matrix_appservice_double_puppet_base_path: "{{ matrix_base_data_path }}/appservice-double-puppet"
-matrix_appservice_double_puppet_config_path: "{{ matrix_appservice_double_puppet_base_path }}/config"
-
-matrix_appservice_double_puppet_registration_id: double-puppet
-matrix_appservice_double_puppet_registration_url: ~
-matrix_appservice_double_puppet_registration_as_token: ''
-matrix_appservice_double_puppet_registration_hs_token: ''
-matrix_appservice_double_puppet_registration_sender_localpart: appservice-double-puppet
-
-matrix_appservice_double_puppet_registration_namespace_user_regex: "{{ '@.*:' + (matrix_domain | regex_escape) }}"
-
-# Default matrix-appservice-double-puppet registration configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_appservice_double_puppet_registration_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_appservice_double_puppet_registration_configuration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}"
-
-matrix_appservice_double_puppet_registration_configuration_extension_yaml: |
-  # Your custom YAML configuration for matrix-appservice-double-puppet goes here.
-  # This configuration extends the default starting configuration (`matrix_appservice_double_puppet_registration_configuration_yaml`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # completely redefining `matrix_appservice_double_puppet_registration_configuration_yaml`.
-  #
-  # Example configuration extension follows:
-  #
-  # rate_limited: true
-
-matrix_appservice_double_puppet_registration_configuration_extension: "{{ matrix_appservice_double_puppet_registration_configuration_extension_yaml | from_yaml if matrix_appservice_double_puppet_registration_configuration_extension_yaml | from_yaml is mapping else {} }}"
-
-# Holds the final matrix-appservice-double-puppet configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_appservice_double_puppet_registration_configuration_yaml`.
-matrix_appservice_double_puppet_registration_configuration: "{{ matrix_appservice_double_puppet_registration_configuration_yaml | from_yaml | combine(matrix_appservice_double_puppet_registration_configuration_extension, recursive=True) }}"

roles/custom/matrix-appservice-double-puppet/tasks/install.yml

@@ -1,23 +0,0 @@
----
-
-- name: Ensure matrix-appservice-double-puppet paths exist
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - path: "{{ matrix_appservice_double_puppet_base_path }}"
-      when: true
-    - path: "{{ matrix_appservice_double_puppet_config_path }}"
-      when: true
-  when: item.when | bool
-
-- name: Ensure matrix-appservice-double-puppet registration configuration installed
-  ansible.builtin.copy:
-    content: "{{ matrix_appservice_double_puppet_registration_configuration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_appservice_double_puppet_config_path }}/registration.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"

roles/custom/matrix-appservice-double-puppet/tasks/main.yml

@@ -1,20 +0,0 @@
----
-
-- tags:
-    - setup-all
-    - setup-appservice-double-puppet
-    - install-all
-    - install-appservice-double-puppet
-  block:
-    - when: matrix_appservice_double_puppet_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-
-    - when: matrix_appservice_double_puppet_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
-
-- tags:
-    - setup-all
-    - setup-appservice-double-puppet
-  block:
-    - when: not matrix_appservice_double_puppet_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"

roles/custom/matrix-appservice-double-puppet/tasks/uninstall.yml

@@ -1,6 +0,0 @@
----
-
-- name: Ensure matrix-appservice-double-puppet paths don't exist
-  ansible.builtin.file:
-    path: "{{ matrix_appservice_double_puppet_base_path }}"
-    state: absent

roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml

@@ -1,10 +0,0 @@
----
-- name: Fail if required matrix-appservice-double-puppet settings not defined
-  ansible.builtin.fail:
-    msg: >
-      You need to define a required configuration setting (`{{ item.name }}`).
-  when: "item.when | bool and vars[item.name] == ''"
-  with_items:
-    - {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}
-    - {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}
-    - {'name': 'matrix_appservice_double_puppet_registration_sender_localpart', when: true}

roles/custom/matrix-appservice-double-puppet/templates/registration.yaml.j2

@@ -1,21 +0,0 @@
-# The ID doesn't really matter, put whatever you want.
-id: {{ matrix_appservice_double_puppet_registration_id | to_json }}
-# The URL is intentionally left empty (null), as the homeserver shouldn't
-# push events anywhere for this extra appservice. If you use a
-# non-spec-compliant server, you may need to put some fake URL here.
-url: {{ matrix_appservice_double_puppet_registration_url | to_json }}
-# Generate random strings for these three fields. Only the as_token really
-# matters, hs_token is never used because there's no url, and the default
-# user (sender_localpart) is never used either.
-as_token: {{ matrix_appservice_double_puppet_registration_as_token | to_json }}
-hs_token: {{ matrix_appservice_double_puppet_registration_hs_token | to_json }}
-sender_localpart: {{ matrix_appservice_double_puppet_registration_sender_localpart | to_json}}
-# Bridges don't like ratelimiting. This should only apply when using the
-# as_token, normal user tokens will still be ratelimited.
-rate_limited: false
-namespaces:
-  users:
-  # Replace your\.domain with your server name (escape dots for regex)
-  - regex: {{ matrix_appservice_double_puppet_registration_namespace_user_regex | to_json }}
-    # This must be false so the appservice doesn't take over all users completely.
-    exclusive: false

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -30,7 +30,7 @@ matrix_appservice_draupnir_for_all_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-draupnir.service depends on
 matrix_appservice_draupnir_for_all_systemd_required_services_list: "{{ matrix_appservice_draupnir_for_all_systemd_required_services_list_default + matrix_appservice_draupnir_for_all_systemd_required_services_list_auto + matrix_appservice_draupnir_for_all_systemd_required_services_list_custom }}"
-matrix_appservice_draupnir_for_all_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_appservice_draupnir_for_all_systemd_required_services_list_default: ['docker.service']
 matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: []
 matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: []
 

roles/custom/matrix-base/defaults/main.yml

@@ -154,7 +154,7 @@ matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
 matrix_host_command_openssl: "/usr/bin/env openssl"
 
-matrix_homeserver_url: "{{ ('https' if matrix_playbook_ssl_enabled else 'http') }}://{{ matrix_server_fqn_matrix }}"
+matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 
 # Specifies on which container network the homeserver is.
 matrix_homeserver_container_network: "matrix-homeserver"
@@ -263,16 +263,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name: "{{ matrix_federation_traefik_entrypoint_name }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"  # noqa var-naming
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default: |
-  {{
-    ({'http3': {'advertisedPort': matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort | int}})
-    if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled
-    else {}
-  }}
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto: {}
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom: {}
 
@@ -280,7 +271,6 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition:
   name: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name }}"
   port: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"
   host_bind_port: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port }}"
-  host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp }}"
   config: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config }}"
 
 # Controls whether to enable an additional Traefik entrypoint for the purpose of serving the homeserver's Client-Server API internally.

roles/custom/matrix-bot-buscarron/defaults/main.yml

@@ -5,8 +5,8 @@
 
 matrix_bot_buscarron_enabled: true
 
-# renovate: datasource=docker depName=ghcr.io/etkecc/buscarron
+# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/buscarron
-matrix_bot_buscarron_version: v1.4.3
+matrix_bot_buscarron_version: v1.4.1
 
 # The hostname at which Buscarron is served.
 matrix_bot_buscarron_hostname: ''
@@ -29,8 +29,8 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
 matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
 
-matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etke.cc/buscarron:{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.
@@ -50,17 +50,6 @@ matrix_bot_buscarron_metrics_password: ''
 # /metrics allowed ips
 matrix_bot_buscarron_metrics_ips: []
 
-# healthchecks.io integration
-matrix_bot_buscarron_hc_url: ''  # default is https://hc-ping.com (healthchecks.io)
-matrix_bot_buscarron_hc_uuid: ''  # check UUID
-
-# redmine integration
-matrix_bot_buscarron_redmine_host: ''  # e.g. https://redmine.example.com
-matrix_bot_buscarron_redmine_apikey: ''
-matrix_bot_buscarron_redmine_project: ''  # project identifier (e.g., my-project)
-matrix_bot_buscarron_redmine_trackerid: ''  # task tracker ID (e.g., 1)
-matrix_bot_buscarron_redmine_statusid: ''  # task status ID (e.g., 1)
-
 
 # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
@@ -99,7 +88,7 @@ matrix_bot_buscarron_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-buscarron.service depends on
 matrix_bot_buscarron_systemd_required_services_list: "{{ matrix_bot_buscarron_systemd_required_services_list_default + matrix_bot_buscarron_systemd_required_services_list_auto + matrix_bot_buscarron_systemd_required_services_list_custom }}"
-matrix_bot_buscarron_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_buscarron_systemd_required_services_list_default: ['docker.service']
 matrix_bot_buscarron_systemd_required_services_list_auto: []
 matrix_bot_buscarron_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-buscarron/templates/env.j2

@@ -5,8 +5,6 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
 BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
 BUSCARRON_SPAMLIST={{ matrix_bot_buscarron_spamlist|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
-BUSCARRON_HC_URL={{ matrix_bot_buscarron_hc_url }}
-BUSCARRON_HC_UUID={{ matrix_bot_buscarron_hc_uuid }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
 BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
 BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }}
@@ -18,11 +16,6 @@ BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
 BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }}
 BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }}
 BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }}
-BUSCARRON_REDMINE_HOST={{ matrix_bot_buscarron_redmine_host }}
-BUSCARRON_REDMINE_APIKEY={{ matrix_bot_buscarron_redmine_apikey }}
-BUSCARRON_REDMINE_PROJECT={{ matrix_bot_buscarron_redmine_project }}
-BUSCARRON_REDMINE_TRACKERID={{ matrix_bot_buscarron_redmine_trackerid }}
-BUSCARRON_REDMINE_STATUSID={{ matrix_bot_buscarron_redmine_statusid }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}

roles/custom/matrix-bot-chatgpt/defaults/main.yml

@@ -37,7 +37,7 @@ matrix_bot_chatgpt_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-chatgpt.service depends on
 matrix_bot_chatgpt_systemd_required_services_list: "{{ matrix_bot_chatgpt_systemd_required_services_list_default + matrix_bot_chatgpt_systemd_required_services_list_auto + matrix_bot_chatgpt_systemd_required_services_list_custom }}"
-matrix_bot_chatgpt_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_chatgpt_systemd_required_services_list_default: ['docker.service']
 matrix_bot_chatgpt_systemd_required_services_list_auto: []
 matrix_bot_chatgpt_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -19,27 +19,18 @@ matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
 matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
 
-matrix_bot_draupnir_abuse_reporting_enabled: false
-matrix_bot_draupnir_web_enabled: "{{ matrix_bot_draupnir_abuse_reporting_enabled }}"
-matrix_bot_draupnir_display_reports: "{{ matrix_bot_draupnir_abuse_reporting_enabled }}"
-
 matrix_bot_draupnir_container_network: ""
 
 matrix_bot_draupnir_container_additional_networks: "{{ matrix_bot_draupnir_container_additional_networks_auto + matrix_bot_draupnir_container_additional_networks_custom }}"
 matrix_bot_draupnir_container_additional_networks_auto: []
 matrix_bot_draupnir_container_additional_networks_custom: []
 
-# Controls whether the matrix-bot-draupnir container exposes its HTTP port (tcp/80 in the container).
-#
-# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8766"), or empty string to not expose.
-matrix_bot_draupnir_container_http_host_bind_port: ''
-
 # A list of extra arguments to pass to the container
 matrix_bot_draupnir_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-draupnir.service depends on
 matrix_bot_draupnir_systemd_required_services_list: "{{ matrix_bot_draupnir_systemd_required_services_list_default + matrix_bot_draupnir_systemd_required_services_list_auto + matrix_bot_draupnir_systemd_required_services_list_custom }}"
-matrix_bot_draupnir_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_draupnir_systemd_required_services_list_default: ['docker.service']
 matrix_bot_draupnir_systemd_required_services_list_auto: []
 matrix_bot_draupnir_systemd_required_services_list_custom: []
 
@@ -105,25 +96,3 @@ matrix_bot_draupnir_configuration_extension: "{{ matrix_bot_draupnir_configurati
 # Holds the final configuration (a combination of the default and its extension).
 # You most likely don't need to touch this variable. Instead, see `matrix_bot_draupnir_configuration_yaml`.
 matrix_bot_draupnir_configuration: "{{ matrix_bot_draupnir_configuration_yaml | from_yaml | combine(matrix_bot_draupnir_configuration_extension, recursive=True) }}"
-
-# Controls whether labels will be added that redirect the /_matrix/client/../rooms/../report paths to draupnir
-# Following these recommendations (https://github.com/element-hq/synapse/blob/master/docs/reverse_proxy.md), by default, we don't.
-# Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
-# See `matrix_synapse_container_labels_traefik_enabled` or `matrix_synapse_container_labels_matrix_related_labels_enabled`
-matrix_bot_draupnir_container_labels_traefik_enabled: false
-matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_draupnir_bot_container_network }}"
-matrix_bot_draupnir_container_labels_traefik_hostname: "{{ matrix_synapse_container_labels_traefik_hostname }}"
-matrix_bot_draupnir_container_labels_traefik_path_regexp: "^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/"
-matrix_bot_draupnir_container_labels_traefik_rule: "Host(`{{ matrix_bot_draupnir_container_labels_traefik_hostname }}`) && PathRegexp(`{{ matrix_bot_draupnir_container_labels_traefik_path_regexp }}`)"
-matrix_bot_draupnir_container_labels_traefik_priority: 0
-matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ matrix_synapse_container_labels_traefik_entrypoints }}"
-matrix_bot_draupnir_container_labels_traefik_tls: "{{ matrix_bot_draupnir_container_labels_traefik_entrypoints != 'web' }}"
-matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ matrix_synapse_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-# matrix_bot_draupnir_container_labels_traefik_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
-# See `../templates/labels.j2` for details.
-#
-# Example:
-# matrix_bot_draupnir_container_labels_traefik_labels_additional_labels: |
-#   my.label=1
-#   another.label="here"
-matrix_bot_draupnir_container_labels_traefik_labels_additional_labels: ''

roles/custom/matrix-bot-draupnir/tasks/setup_install.yml

@@ -17,17 +17,6 @@
     - {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
   when: "item.when | bool"
 
-- name: Ensure matrix-bot-draupnir support files installed
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-    mode: 0644
-  with_items:
-    - src: "{{ role_path }}/templates/labels.j2"
-      dest: "{{ matrix_bot_draupnir_base_path }}/labels"
-
 - name: Ensure draupnir Docker image is pulled
   community.docker.docker_image:
     name: "{{ matrix_bot_draupnir_docker_image }}"

roles/custom/matrix-bot-draupnir/templates/labels.j2

@@ -1,53 +0,0 @@
-{% if matrix_bot_draupnir_container_labels_traefik_enabled %}
-traefik.enable=true
-
-{% if matrix_bot_draupnir_container_labels_traefik_docker_network %}
-traefik.docker.network={{ matrix_bot_draupnir_container_labels_traefik_docker_network }}
-{% endif %}
-
-traefik.http.services.matrix-bot-draupnir.loadbalancer.server.port=8080
-
-############################################################
-#                                                          #
-# Abuse Reports (/_matrix/client/../rooms/../report)       #
-#                                                          #
-############################################################
-
-{% set middlewares = [] %}
-
-traefik.http.middlewares.matrix-bot-draupnir-redirect.replacepathregex.regex=^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$
-traefik.http.middlewares.matrix-bot-draupnir-redirect.replacepathregex.replacement=/api/1/report/$2/$3
-
-{% set middlewares = middlewares + ['matrix-bot-draupnir-redirect'] %}
-
-traefik.http.middlewares.matrix-bot-draupnir-cors.headers.accesscontrolalloworiginlist=*
-traefik.http.middlewares.matrix-bot-draupnir-cors.headers.accesscontrolallowheaders=Content-Type,Authorization
-traefik.http.middlewares.matrix-bot-draupnir-cors.headers.accesscontrolallowmethods=POST,OPTIONS
-
-{% set middlewares = middlewares + ['matrix-bot-draupnir-cors'] %}
-
-traefik.http.routers.matrix-bot-draupnir.rule={{ matrix_bot_draupnir_container_labels_traefik_rule }}
-
-{% if matrix_bot_draupnir_container_labels_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-bot-draupnir.priority={{ matrix_bot_draupnir_container_labels_traefik_priority }}
-{% endif %}
-{% if middlewares | length > 0 %}
-traefik.http.routers.matrix-bot-draupnir.middlewares={{ middlewares | join(',') }}
-{% endif %}
-
-traefik.http.routers.matrix-bot-draupnir.service=matrix-bot-draupnir
-traefik.http.routers.matrix-bot-draupnir.entrypoints={{ matrix_bot_draupnir_container_labels_traefik_entrypoints }}
-traefik.http.routers.matrix-bot-draupnir.tls={{ matrix_bot_draupnir_container_labels_traefik_tls | to_json }}
-
-{% if matrix_bot_draupnir_container_labels_traefik_tls %}
-traefik.http.routers.matrix-bot-draupnir.tls.certResolver={{ matrix_bot_draupnir_container_labels_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Abuse Reports (/_matrix/client/../rooms/../report)      #
-#                                                          #
-############################################################
-{% endif %}
-
-{{ matrix_bot_draupnir_container_labels_traefik_labels_additional_labels }}

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -227,29 +227,32 @@ health:
     # Defaults to 418.
     unhealthyStatus: 418
 
-{% if matrix_bot_draupnir_web_enabled %}
 # Options for exposing web APIs.
-web:
+#web:
-  # Whether to enable web APIs.
+#  # Whether to enable web APIs.
-  enabled: true
+#  enabled: false
-
+#
-  # The port to expose the webserver on. Defaults to 8080.
+#  # The port to expose the webserver on. Defaults to 8080.
-  port: 8080
+#  port: 8080
-
+#
-  # The address to listen for requests on. Defaults to only the current
+#  # The address to listen for requests on. Defaults to only the current
-  # computer.
+#  # computer.
-  address: 0.0.0.0
+#  address: localhost
-
+#
-  # A web API designed to intercept Matrix API
+#  # Alternative setting to open to the entire web. Be careful,
-  # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
+#  # as this will increase your security perimeter:
-  # and display readable abuse reports in the moderation room.
+#  #
-  #
+#  #  address: "0.0.0.0"
-  # If you wish to take advantage of this feature, you will need
+#
-  # to configure a reverse proxy, see e.g. test/nginx.conf
+#  # A web API designed to intercept Matrix API
-  abuseReporting:
+#  # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
-    # Whether to enable this feature.
+#  # and display readable abuse reports in the moderation room.
-    enabled: {{ matrix_bot_draupnir_abuse_reporting_enabled | to_json }}
+#  #
-{% endif %}
+#  # If you wish to take advantage of this feature, you will need
+#  # to configure a reverse proxy, see e.g. test/nginx.conf
+#  abuseReporting:
+#    # Whether to enable this feature.
+#    enabled: false
 
 # Whether or not to actively poll synapse for abuse reports, to be used
 # instead of intercepting client calls to synapse's abuse endpoint, when that
@@ -258,4 +261,4 @@ pollReports: false
 
 # Whether or not new reports, received either by webapi or polling,
 # should be printed to our managementRoom.
-displayReports: {{ matrix_bot_draupnir_display_reports | to_json }}
+displayReports: false

roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2

@@ -24,17 +24,13 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--cap-drop=ALL \
 			--read-only \
 			--network={{ matrix_bot_draupnir_container_network }} \
-			{% if matrix_bot_draupnir_container_http_host_bind_port %}
-			-p {{ matrix_bot_draupnir_container_http_host_bind_port }}:8080 \
-			{% endif %}
-			--label-file={{ matrix_bot_draupnir_base_path }}/labels \
 			--mount type=bind,src={{ matrix_bot_draupnir_config_path }},dst=/data/config,ro \
 			--mount type=bind,src={{ matrix_bot_draupnir_data_path }},dst=/data \
 			{% for arg in matrix_bot_draupnir_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_bot_draupnir_docker_image }} \
-			bot --draupnir-config /data/config/production.yaml
+			bot --draupnir-config /data/config/production.yaml 
 
 {% for network in matrix_bot_draupnir_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-draupnir

roles/custom/matrix-bot-go-neb/defaults/main.yml

@@ -87,7 +87,7 @@ matrix_bot_go_neb_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-go-neb.service depends on
 matrix_bot_go_neb_systemd_required_services_list: "{{ matrix_bot_go_neb_systemd_required_services_list_default + matrix_bot_go_neb_systemd_required_services_list_auto + matrix_bot_go_neb_systemd_required_services_list_custom }}"
-matrix_bot_go_neb_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_go_neb_systemd_required_services_list_default: ['docker.service']
 matrix_bot_go_neb_systemd_required_services_list_auto: []
 matrix_bot_go_neb_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-honoroit/defaults/main.yml

@@ -20,10 +20,10 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-# renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
+# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/honoroit
-matrix_bot_honoroit_version: v0.9.25
+matrix_bot_honoroit_version: v0.9.21
-matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
-matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
 
 matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
@@ -39,6 +39,15 @@ matrix_bot_honoroit_container_network: ""
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_bot_honoroit_container_additional_networks: []
 
+# enable basic auth for metrics
+matrix_bot_honoroit_basicauth_enabled: false
+# temporary file name on the host that runs ansible
+matrix_bot_honoroit_basicauth_file: "/tmp/matrix_bot_honoroit_htpasswd"
+# username
+matrix_bot_honoroit_basicauth_user: ''
+# password
+matrix_bot_honoroit_basicauth_password: ''
+
 # matrix_bot_honoroit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
@@ -75,7 +84,7 @@ matrix_bot_honoroit_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-honoroit.service depends on
 matrix_bot_honoroit_systemd_required_services_list: "{{ matrix_bot_honoroit_systemd_required_services_list_default + matrix_bot_honoroit_systemd_required_services_list_auto + matrix_bot_honoroit_systemd_required_services_list_custom }}"
-matrix_bot_honoroit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_honoroit_systemd_required_services_list_default: ['docker.service']
 matrix_bot_honoroit_systemd_required_services_list_auto: []
 matrix_bot_honoroit_systemd_required_services_list_custom: []
 
@@ -140,26 +149,8 @@ matrix_bot_honoroit_sentry: ''
 # Log level
 matrix_bot_honoroit_loglevel: ''
 
-# /metrics basic auth login
+# Disable encryption
-matrix_bot_honoroit_auth_metrics_login: ''
+matrix_bot_honoroit_noencryption: false
-# /metrics basic auth password
-matrix_bot_honoroit_auth_metrics_password: ''
-# /metrics basic auth allowed IPs
-matrix_bot_honoroit_auth_metrics_ips: []
-
-# Optional healthchecks.io integration
-matrix_bot_honoroit_healthchecks_url: 'https://hc-ping.com'
-matrix_bot_honoroit_healthchecks_uuid: ''
-matrix_bot_honoroit_healthchecks_duration: 60  # in seconds
-
-# Optional Redmine integration
-matrix_bot_honoroit_redmine_host: ''  # e.g. https://redmine.example.com
-matrix_bot_honoroit_redmine_apikey: ''
-matrix_bot_honoroit_redmine_project: ''  # project identifier (e.g. 'myproject')
-matrix_bot_honoroit_redmine_tracker_id: ''  # tracker id (e.g. 1)
-matrix_bot_honoroit_redmine_new_status_id: ''  # new status id (e.g. 1)
-matrix_bot_honoroit_redmine_in_progress_status_id: ''  # in progress status id (e.g. 2)
-matrix_bot_honoroit_redmine_done_status_id: ''  # done status id (e.g. 3)
 
 # A list of whitelisted users allowed to use/invite honoroit
 # If not defined, everyone is allowed.

roles/custom/matrix-bot-honoroit/tasks/setup_install.yml

@@ -40,6 +40,21 @@
     - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
   when: "item.when | bool"
 
+- name: Determine basicauth filename
+  ansible.builtin.set_fact:
+    matrix_bot_honoroit_basicauth_file_tmp: "{{ matrix_bot_honoroit_basicauth_file }}_{{ inventory_hostname }}"
+  when: matrix_bot_honoroit_basicauth_enabled | bool
+
+- name: Generate basic auth file
+  community.general.htpasswd:
+    path: "{{ matrix_bot_honoroit_basicauth_file }}"
+    name: "{{ matrix_bot_honoroit_basicauth_user }}"
+    password: "{{ matrix_bot_honoroit_basicauth_password }}"
+    mode: 0640
+  become: false
+  delegate_to: 127.0.0.1
+  when: matrix_bot_honoroit_basicauth_enabled | bool
+
 - name: Ensure honoroit support files installed
   ansible.builtin.template:
     src: "{{ role_path }}/templates/{{ item }}.j2"
@@ -51,6 +66,14 @@
     - env
     - labels
 
+- name: Ensure temporary basic auth file is removed
+  ansible.builtin.file:
+    path: "{{ matrix_bot_honoroit_basicauth_file }}"
+    state: absent
+  become: false
+  delegate_to: 127.0.0.1
+  when: matrix_bot_honoroit_basicauth_enabled | bool
+
 - name: Ensure honoroit image is pulled
   community.docker.docker_image:
     name: "{{ matrix_bot_honoroit_docker_image }}"

roles/custom/matrix-bot-honoroit/templates/env.j2

@@ -5,22 +5,10 @@ HONOROIT_ROOMID={{ matrix_bot_honoroit_roomid }}
 HONOROIT_DB_DSN={{ matrix_bot_honoroit_database_connection_string }}
 HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }}
 HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
-HONOROIT_AUTH_METRICS_LOGIN={{ matrix_bot_honoroit_auth_metrics_login }}
+HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
-HONOROIT_AUTH_METRICS_PASSWORD={{ matrix_bot_honoroit_auth_metrics_password }}
-HONOROIT_AUTH_METRICS_IPS={{ matrix_bot_honoroit_auth_metrics_ips | default([]) | join(' ') }}
-HONOROIT_REDMINE_HOST={{ matrix_bot_honoroit_redmine_host }}
-HONOROIT_REDMINE_APIKEY={{ matrix_bot_honoroit_redmine_apikey }}
-HONOROIT_REDMINE_PROJECT={{ matrix_bot_honoroit_redmine_project }}
-HONOROIT_REDMINE_TRACKERID={{ matrix_bot_honoroit_redmine_tracker_id }}
-HONOROIT_REDMINE_NEWSTATUSID={{ matrix_bot_honoroit_redmine_new_status_id }}
-HONOROIT_REDMINE_INPROGRESSSTATUSID={{ matrix_bot_honoroit_redmine_in_progress_status_id }}
-HONOROIT_REDMINE_DONESTATUSID={{ matrix_bot_honoroit_redmine_done_status_id }}
-HONOROIT_MONITORING_SENTRY_DSN={{ matrix_bot_honoroit_sentry }}
-HONOROIT_MONITORING_HEALTHCHECKS_URL={{ matrix_bot_honoroit_healthchecks_url }}
-HONOROIT_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_honoroit_healthchecks_uuid }}
-HONOROIT_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_honoroit_healthchecks_duration }}
 HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
 HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
+HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}
 HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }}
 HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms | join(' ') }}
 HONOROIT_ALLOWEDUSERS={{ matrix_bot_honoroit_allowedusers | join(' ') }}

roles/custom/matrix-bot-honoroit/templates/labels.j2

@@ -28,6 +28,11 @@ traefik.http.middlewares.matrix-bot-honoroit-add-headers.headers.customresponseh
 {% set middlewares = middlewares + ['matrix-bot-honoroit-add-headers'] %}
 {% endif %}
 
+{% if matrix_bot_honoroit_basicauth_enabled %}
+traefik.http.middlewares.matrix-bot-honoroit-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_honoroit_basicauth_file) }}
+{% set middlewares_metrics = middlewares + ['matrix-bot-honoroit-auth'] %}
+{% endif %}
+
 {% if middlewares_metrics | length > 0 %}
 traefik.http.routers.matrix-bot-honoroit-metrics.rule={{ matrix_bot_honoroit_container_labels_traefik_metrics_rule }}
 {% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}

roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml

@@ -19,8 +19,8 @@ matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matri
 matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
 matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data"
 
-matrix_bot_matrix_registration_bot_bot_server: "{{ matrix_homeserver_url }}"
+matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
-matrix_bot_matrix_registration_bot_api_base_url: "{{ matrix_homeserver_url }}"
+matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
 
 
 # The bot's password (can also be used to login via a client like element)
@@ -45,7 +45,7 @@ matrix_bot_matrix_registration_bot_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-matrix-registration-bot.service depends on
 matrix_bot_matrix_registration_bot_systemd_required_services_list: "{{ matrix_bot_matrix_registration_bot_systemd_required_services_list_default + matrix_bot_matrix_registration_bot_systemd_required_services_list_auto + matrix_bot_matrix_registration_bot_systemd_required_services_list_custom }}"
-matrix_bot_matrix_registration_bot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_matrix_registration_bot_systemd_required_services_list_default: ['docker.service']
 matrix_bot_matrix_registration_bot_systemd_required_services_list_auto: []
 matrix_bot_matrix_registration_bot_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml

@@ -33,7 +33,7 @@ matrix_bot_matrix_reminder_bot_container_additional_networks_custom: []
 
 # List of systemd services that matrix-bot-matrix-reminder-bot.service depends on
 matrix_bot_matrix_reminder_bot_systemd_required_services_list: "{{ matrix_bot_matrix_reminder_bot_systemd_required_services_list_default + matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto + matrix_bot_matrix_reminder_bot_systemd_required_services_list_custom }}"
-matrix_bot_matrix_reminder_bot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_matrix_reminder_bot_systemd_required_services_list_default: ['docker.service']
 matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: []
 matrix_bot_matrix_reminder_bot_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-maubot/defaults/main.yml

@@ -5,12 +5,6 @@
 
 matrix_bot_maubot_enabled: true
 
-matrix_bot_maubot_login: bot.maubot
-
-# This is just initial password and it will not manage subsequent password changes.
-# Use a tool like synapse-admin if you need to change it.
-matrix_bot_maubot_initial_password: ''
-
 matrix_bot_maubot_scheme: https
 matrix_bot_maubot_hostname: ''
 matrix_bot_maubot_path_prefix: /_matrix/maubot
@@ -120,7 +114,7 @@ matrix_bot_maubot_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-maubot.service depends on
 matrix_bot_maubot_systemd_required_services_list: "{{ matrix_bot_maubot_systemd_required_services_list_default + matrix_bot_maubot_systemd_required_services_list_auto + matrix_bot_maubot_systemd_required_services_list_custom }}"
-matrix_bot_maubot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_maubot_systemd_required_services_list_default: ['docker.service']
 matrix_bot_maubot_systemd_required_services_list_auto: []
 matrix_bot_maubot_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-maubot/tasks/validate_config.yml

@@ -25,4 +25,3 @@
     - {'name': 'matrix_bot_maubot_container_network', when: true}
     - {'name': 'matrix_bot_maubot_homeserver_name', when: true}
     - {'name': 'matrix_bot_maubot_homeserver_url', when: true}
-    - {'name': 'matrix_bot_maubot_initial_password', when: true}

roles/custom/matrix-bot-mjolnir/defaults/main.yml

@@ -30,7 +30,7 @@ matrix_bot_mjolnir_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-mjolnir.service depends on
 matrix_bot_mjolnir_systemd_required_services_list: "{{ matrix_bot_mjolnir_systemd_required_services_list_default + matrix_bot_mjolnir_systemd_required_services_list_auto + matrix_bot_mjolnir_systemd_required_services_list_custom }}"
-matrix_bot_mjolnir_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_mjolnir_systemd_required_services_list_default: ['docker.service']
 matrix_bot_mjolnir_systemd_required_services_list_auto: []
 matrix_bot_mjolnir_systemd_required_services_list_custom: []
 

roles/custom/matrix-bot-postmoogle/defaults/main.yml

@@ -1,18 +1,18 @@
 ---
 # postmoogle is an email to matrix bot
-# Project source code URL: https://github.com/etkecc/postmoogle
+# Project source code URL: https://gitlab.com/etke.cc/postmoogle
 
 matrix_bot_postmoogle_enabled: true
 
 matrix_bot_postmoogle_container_image_self_build: false
-matrix_bot_postmoogle_docker_repo: "https://github.com/etkecc/postmoogle.git"
+matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-# renovate: datasource=docker depName=ghcr.io/etkecc/postmoogle
+# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/postmoogle
-matrix_bot_postmoogle_version: v0.9.21
+matrix_bot_postmoogle_version: v0.9.18
-matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etkecc/postmoogle:{{ matrix_bot_postmoogle_version }}"
+matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
-matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
 
 matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
@@ -30,7 +30,7 @@ matrix_bot_postmoogle_container_extra_arguments: []
 
 # List of systemd services that matrix-bot-postmoogle.service depends on
 matrix_bot_postmoogle_systemd_required_services_list: "{{ matrix_bot_postmoogle_systemd_required_services_list_default + matrix_bot_postmoogle_systemd_required_services_list_auto + matrix_bot_postmoogle_systemd_required_services_list_custom }}"
-matrix_bot_postmoogle_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_bot_postmoogle_systemd_required_services_list_default: ['docker.service']
 matrix_bot_postmoogle_systemd_required_services_list_auto: []
 matrix_bot_postmoogle_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-appservice-discord/defaults/main.yml

@@ -40,7 +40,7 @@ matrix_appservice_discord_container_extra_arguments: []
 
 # List of systemd services that matrix-appservice-discord.service depends on.
 matrix_appservice_discord_systemd_required_services_list: "{{ matrix_appservice_discord_systemd_required_services_list_default + matrix_appservice_discord_systemd_required_services_list_auto + matrix_appservice_discord_systemd_required_services_list_custom }}"
-matrix_appservice_discord_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_appservice_discord_systemd_required_services_list_default: ['docker.service']
 matrix_appservice_discord_systemd_required_services_list_auto: []
 matrix_appservice_discord_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-appservice-irc/defaults/main.yml

@@ -23,7 +23,7 @@ matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config
 matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
 
 matrix_appservice_irc_homeserver_url: ""
-matrix_appservice_irc_homeserver_media_url: '{{ matrix_homeserver_url }}'
+matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
 matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
 matrix_appservice_irc_homeserver_enablePresence: true  # noqa var-naming
 matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
@@ -382,7 +382,7 @@ matrix_appservice_irc_container_extra_arguments: []
 
 # List of systemd services that matrix-appservice-irc.service depends on.
 matrix_appservice_irc_systemd_required_services_list: "{{ matrix_appservice_irc_systemd_required_services_list_default + matrix_appservice_irc_systemd_required_services_list_auto + matrix_appservice_irc_systemd_required_services_list_custom }}"
-matrix_appservice_irc_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_appservice_irc_systemd_required_services_list_default: ['docker.service']
 matrix_appservice_irc_systemd_required_services_list_auto: []
 matrix_appservice_irc_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml

@@ -55,12 +55,7 @@ matrix_appservice_kakaotalk_container_extra_arguments: []
 
 # List of systemd services that matrix-appservice-kakaotalk.service depends on.
 matrix_appservice_kakaotalk_systemd_required_services_list: "{{ matrix_appservice_kakaotalk_systemd_required_services_list_default + matrix_appservice_kakaotalk_systemd_required_services_list_auto + matrix_appservice_kakaotalk_systemd_required_services_list_custom }}"
-matrix_appservice_kakaotalk_systemd_required_services_list_default: |-
+matrix_appservice_kakaotalk_systemd_required_services_list_default: ['docker.service', 'matrix-appservice-kakaotalk-node.service']
-  {{
-    ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [])
-    +
-    ['matrix-appservice-kakaotalk-node.service']
-  }}
 matrix_appservice_kakaotalk_systemd_required_services_list_auto: []
 matrix_appservice_kakaotalk_systemd_required_services_list_custom: []
 
@@ -77,7 +72,7 @@ matrix_appservice_kakaotalk_container_additional_networks_custom: []
 matrix_appservice_kakaotalk_node_container_extra_arguments: []
 
 # List of systemd services that matrix-appservice-kakaotalk-node.service depends on.
-matrix_appservice_kakaotalk_node_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service']
 
 # List of systemd services that matrix-appservice-kakaotalk-node.service wants
 matrix_appservice_kakaotalk_node_systemd_wanted_services_list: []

roles/custom/matrix-bridge-appservice-slack/defaults/main.yml

@@ -81,7 +81,7 @@ matrix_appservice_slack_container_extra_arguments: []
 
 # List of systemd services that matrix-appservice-slack.service depends on.
 matrix_appservice_slack_systemd_required_services_list: "{{ matrix_appservice_slack_systemd_required_services_list_default + matrix_appservice_slack_systemd_required_services_list_auto + matrix_appservice_slack_systemd_required_services_list_custom }}"
-matrix_appservice_slack_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_appservice_slack_systemd_required_services_list_default: ['docker.service']
 matrix_appservice_slack_systemd_required_services_list_auto: []
 matrix_appservice_slack_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml

@@ -77,7 +77,7 @@ matrix_appservice_webhooks_container_extra_arguments: []
 
 # List of systemd services that matrix-appservice-webhooks.service depends on.
 matrix_appservice_webhooks_systemd_required_services_list: "{{ matrix_appservice_webhooks_systemd_required_services_list_default + matrix_appservice_webhooks_systemd_required_services_list_auto + matrix_appservice_webhooks_systemd_required_services_list_custom }}"
-matrix_appservice_webhooks_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_appservice_webhooks_systemd_required_services_list_default: ['docker.service']
 matrix_appservice_webhooks_systemd_required_services_list_auto: []
 matrix_appservice_webhooks_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -49,7 +49,7 @@ matrix_beeper_linkedin_container_extra_arguments: []
 
 # List of systemd services that matrix-beeper-linkedin.service depends on.
 matrix_beeper_linkedin_systemd_required_services_list: "{{ matrix_beeper_linkedin_systemd_required_services_list_default + matrix_beeper_linkedin_systemd_required_services_list_auto + matrix_beeper_linkedin_systemd_required_services_list_custom }}"
-matrix_beeper_linkedin_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_beeper_linkedin_systemd_required_services_list_default: ['docker.service']
 matrix_beeper_linkedin_systemd_required_services_list_auto: []
 matrix_beeper_linkedin_systemd_required_services_list_custom: []
 
@@ -88,7 +88,7 @@ matrix_beeper_linkedin_appservice_database_uri: "{{
 }}"
 
 
-# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
 matrix_beeper_linkedin_login_shared_secret: ''
 
 # Specifies the default log level for all bridge loggers.

roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml

@@ -34,7 +34,7 @@ matrix_go_skype_bridge_container_extra_arguments: []
 
 # List of systemd services that matrix-go-skype-bridge.service depends on.
 matrix_go_skype_bridge_systemd_required_services_list: "{{ matrix_go_skype_bridge_systemd_required_services_list_default + matrix_go_skype_bridge_systemd_required_services_list_auto + matrix_go_skype_bridge_systemd_required_services_list_custom }}"
-matrix_go_skype_bridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_go_skype_bridge_systemd_required_services_list_default: ['docker.service']
 matrix_go_skype_bridge_systemd_required_services_list_auto: []
 matrix_go_skype_bridge_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-heisenbridge/defaults/main.yml

@@ -4,12 +4,8 @@
 
 matrix_heisenbridge_enabled: true
 
-matrix_heisenbridge_scheme: https
-matrix_heisenbridge_hostname: "{{ matrix_server_fqn_matrix }}"
-matrix_heisenbridge_path_prefix: "/heisenbridge"
-
 # renovate: datasource=docker depName=hif1/heisenbridge
-matrix_heisenbridge_version: 1.15.0
+matrix_heisenbridge_version: 1.14.6
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
 
@@ -31,43 +27,12 @@ matrix_heisenbridge_container_additional_networks_custom: []
 # We use a small value here, because this container does not seem to handle the SIGTERM signal.
 matrix_heisenbridge_container_stop_grace_time_seconds: 1
 
-# matrix_heisenbridge_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
-# See `../templates/labels.j2` for details.
-#
-# To inject your own other container labels, see `matrix_heisenbridge_container_labels_additional_labels`.
-matrix_heisenbridge_container_labels_traefik_enabled: true
-matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_heisenbridge_container_network }}"
-matrix_heisenbridge_container_labels_traefik_hostname: "{{ matrix_heisenbridge_hostname }}"
-matrix_heisenbridge_container_labels_traefik_path_prefix: "{{ matrix_heisenbridge_path_prefix }}"
-matrix_heisenbridge_container_labels_traefik_entrypoints: web-secure
-matrix_heisenbridge_container_labels_traefik_tls_certResolver: default  # noqa var-naming
-
-# Controls if the media router is enabled
-matrix_heisenbridge_container_labels_traefik_media_enabled: true
-matrix_heisenbridge_container_labels_traefik_media_hostname: "{{ matrix_heisenbridge_container_labels_traefik_hostname }}"
-# The path prefix must either be `/` or not end with a slash (e.g. `/heisenbridge`).
-matrix_heisenbridge_container_labels_traefik_media_path_prefix: "{{ '/_heisenbridge/media' if matrix_heisenbridge_container_labels_traefik_path_prefix == '/' else (matrix_heisenbridge_container_labels_traefik_path_prefix + '/_heisenbridge/media') }}"
-matrix_heisenbridge_container_labels_traefik_media_rule: "Host(`{{ matrix_heisenbridge_container_labels_traefik_media_hostname }}`){% if matrix_heisenbridge_container_labels_traefik_media_path_prefix != '/' %} && PathPrefix(`{{ matrix_heisenbridge_container_labels_traefik_media_path_prefix }}`){% endif %}"
-matrix_heisenbridge_container_labels_traefik_media_priority: 0
-matrix_heisenbridge_container_labels_traefik_media_entrypoints: "{{ matrix_heisenbridge_container_labels_traefik_entrypoints }}"
-matrix_heisenbridge_container_labels_traefik_media_tls: "{{ matrix_heisenbridge_container_labels_traefik_media_entrypoints != 'web' }}"
-matrix_heisenbridge_container_labels_traefik_media_tls_certResolver: "{{ matrix_heisenbridge_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
-# matrix_heisenbridge_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
-# See `../templates/labels.j2` for details.
-#
-# Example:
-# matrix_heisenbridge_container_labels_additional_labels: |
-#   my.label=1
-#   another.label="here"
-matrix_heisenbridge_container_labels_additional_labels: ''
-
 # A list of extra arguments to pass to the container
 matrix_heisenbridge_container_extra_arguments: []
 
 # List of systemd services that service depends on.
 matrix_heisenbridge_systemd_required_services_list: "{{ matrix_heisenbridge_systemd_required_services_list_default + matrix_heisenbridge_systemd_required_services_list_auto + matrix_heisenbridge_systemd_required_services_list_custom }}"
-matrix_heisenbridge_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_heisenbridge_systemd_required_services_list_default: ['docker.service']
 matrix_heisenbridge_systemd_required_services_list_auto: []
 matrix_heisenbridge_systemd_required_services_list_custom: []
 
@@ -79,20 +44,11 @@ matrix_heisenbridge_homeserver_url: ""
 matrix_heisenbridge_appservice_token: ''
 matrix_heisenbridge_homeserver_token: ''
 
-# In light of Synapse sunsetting unauthenticated media, we'd like to move to Heisenbridge's media proxy,
+matrix_heisenbridge_config_media_url: "{{ matrix_homeserver_url }}"
-# announced here: https://github.com/hifi/heisenbridge/releases/tag/v1.15.0
-#
-# It seems like the media proxy is not working as expected, so we're disabling it for now and falling back to our old media URL (pointing Heisenbridge to the homeserver URL).
-# Right now, Heisenbridge is still generating URLs like `{media_url}/_matrix/media/v3/download/DOMAIN/FILE_ID/FILE_NAME`,
-# so pointing `media_url` to the homeserver is a good fit.
-# matrix_heisenbridge_config_media_url: "{{ matrix_heisenbridge_scheme }}://{{ matrix_heisenbridge_hostname }}{{ matrix_heisenbridge_path_prefix }}"
-matrix_heisenbridge_config_media_url: "{{ matrix_heisenbridge_scheme }}://{{ matrix_heisenbridge_hostname }}"
-matrix_heisenbridge_config_media_key: "{{ matrix_heisenbridge_homeserver_token }}"
 matrix_heisenbridge_config_displayname: "Heisenbridge"
 
 matrix_heisenbridge_registration_yaml_heisenbridge:
   media_url: "{{ matrix_heisenbridge_config_media_url }}"
-  media_key: "{{ matrix_heisenbridge_config_media_key }}"
   displayname: "{{ matrix_heisenbridge_config_displayname }}"
 
 # Default registration file consumed by both the homeserver and Heisenbridge.

roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml

@@ -29,16 +29,6 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
 
-- name: Ensure heisenbridge support files installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_heisenbridge_base_path }}/{{ item }}"
-    mode: 0640
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - labels
-
 - name: Ensure heisenbridge container network is created
   community.general.docker_network:
     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"

roles/custom/matrix-bridge-heisenbridge/templates/labels.j2

@@ -1,52 +0,0 @@
-{% if matrix_heisenbridge_container_labels_traefik_enabled %}
-traefik.enable=true
-
-{% if matrix_heisenbridge_container_labels_traefik_docker_network %}
-traefik.docker.network={{ matrix_heisenbridge_container_labels_traefik_docker_network }}
-{% endif %}
-
-traefik.http.services.matrix-heisenbridge.loadbalancer.server.port=9898
-
-{% set middlewares = [] %}
-
-{% if matrix_heisenbridge_container_labels_traefik_path_prefix != '/' %}
-traefik.http.middlewares.matrix-heisenbridge-strip-prefix.stripprefix.prefixes={{ matrix_heisenbridge_container_labels_traefik_path_prefix }}
-{% set middlewares = middlewares + ['matrix-heisenbridge-strip-prefix'] %}
-{% endif %}
-
-{% if matrix_heisenbridge_container_labels_traefik_media_enabled %}
-##########################################################################
-#                                                                        #
-# Media                                                                  #
-#                                                                        #
-##########################################################################
-
-traefik.http.routers.matrix-heisenbridge-media.rule={{ matrix_heisenbridge_container_labels_traefik_media_rule }}
-
-{% if matrix_heisenbridge_container_labels_traefik_media_priority | int > 0 %}
-traefik.http.routers.matrix-heisenbridge-media.priority={{ matrix_heisenbridge_container_labels_traefik_media_priority }}
-{% endif %}
-
-{% if middlewares | length > 0 %}
-traefik.http.routers.matrix-heisenbridge-media.middlewares={{ middlewares | join(',') }}
-{% endif %}
-
-traefik.http.routers.matrix-heisenbridge-media.service=matrix-heisenbridge
-traefik.http.routers.matrix-heisenbridge-media.entrypoints={{ matrix_heisenbridge_container_labels_traefik_entrypoints }}
-
-traefik.http.routers.matrix-heisenbridge-media.tls={{ matrix_heisenbridge_container_labels_traefik_media_tls | to_json }}
-{% if matrix_heisenbridge_container_labels_traefik_media_entrypoints %}
-traefik.http.routers.matrix-heisenbridge-media.tls.certResolver={{ matrix_heisenbridge_container_labels_traefik_media_tls_certResolver }}
-{% endif %}
-
-##########################################################################
-#                                                                        #
-# /Media                                                                 #
-#                                                                        #
-##########################################################################
-{% endif %}
-
-
-{% endif %}
-
-{{ matrix_heisenbridge_container_labels_additional_labels }}

roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2

@@ -27,7 +27,6 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			-p 113:13113 \
 			{% endif %}
 			--mount type=bind,src={{ matrix_heisenbridge_base_path }},dst=/config \
-			--label-file={{ matrix_heisenbridge_base_path }}/labels \
 			{% for arg in matrix_heisenbridge_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}

roles/custom/matrix-bridge-hookshot/defaults/main.yml

@@ -17,7 +17,7 @@ matrix_hookshot_container_additional_networks_auto: []
 matrix_hookshot_container_additional_networks_custom: []
 
 # renovate: datasource=docker depName=halfshot/matrix-hookshot
-matrix_hookshot_version: 5.4.1
+matrix_hookshot_version: 5.3.0
 
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -30,15 +30,10 @@ matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-s
 matrix_hookshot_homeserver_address: ""
 matrix_hookshot_container_url: 'matrix-hookshot'
 
-matrix_hookshot_public_scheme: https
 matrix_hookshot_public_hostname: "{{ matrix_server_fqn_matrix }}"
 matrix_hookshot_public_endpoint: /hookshot
 
-# This is the base URL prefix shared among all endpoints.
+matrix_hookshot_urlprefix: "https://{{ matrix_hookshot_public_hostname }}{{ matrix_hookshot_public_endpoint }}"
-#
-# It intentionally does not include the path prefix (`matrix_hookshot_public_endpoint`),
-# because of how it's used - it's concatenated with paths that already use matrix_hookshot_public_endpoint` within them.
-matrix_hookshot_urlprefix: "{{ matrix_hookshot_public_scheme }}://{{ matrix_hookshot_public_hostname }}"
 
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
 matrix_hookshot_appservice_port: 9993
@@ -125,7 +120,6 @@ matrix_hookshot_gitlab_instances:
 
 # This will be the "Secret token" you have to enter into all GitLab instances for authentication
 matrix_hookshot_gitlab_webhook_secret: ''
-matrix_hookshot_gitlab_webhook_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_webhook_endpoint }}"  # noqa var-naming
 
 
 matrix_hookshot_figma_enabled: false
@@ -155,7 +149,7 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr
 matrix_hookshot_generic_enabled: true
 matrix_hookshot_generic_enableHttpGet: false  # noqa var-naming
 # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
-matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/webhook"
+matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
 # urlprefix gets updated with protocol & port in group_vars/matrix_servers
 matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"  # noqa var-naming
 # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
@@ -254,7 +248,7 @@ matrix_hookshot_container_labels_webhooks_traefik_entrypoints: "{{ matrix_hooksh
 matrix_hookshot_container_labels_webhooks_traefik_tls: "{{ matrix_hookshot_container_labels_webhooks_traefik_entrypoints != 'web' }}"
 matrix_hookshot_container_labels_webhooks_traefik_tls_certResolver: "{{ matrix_hookshot_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
 
-# Controls whether labels will be added that expose Hookshot's appservice endpoint
+# Controls whether labels will be added that expose Hookshot's generic endpoint
 matrix_hookshot_container_labels_appservice_enabled: true
 matrix_hookshot_container_labels_appservice_traefik_rule: "Host(`{{ matrix_hookshot_appservice_hostname }}`) && PathPrefix(`{{ matrix_hookshot_appservice_endpoint }}`)"
 matrix_hookshot_container_labels_appservice_traefik_priority: 0
@@ -300,7 +294,7 @@ matrix_hookshot_container_labels_additional_labels: ''
 
 # List of systemd services that service depends on.
 matrix_hookshot_systemd_required_services_list: "{{ matrix_hookshot_systemd_required_services_list_default + matrix_hookshot_systemd_required_services_list_auto + matrix_hookshot_systemd_required_services_list_custom }}"
-matrix_hookshot_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_hookshot_systemd_required_services_list_default: ['docker.service']
 matrix_hookshot_systemd_required_services_list_auto: []
 matrix_hookshot_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

@@ -47,7 +47,6 @@ gitlab:
   instances: {{ matrix_hookshot_gitlab_instances | to_json }}
   webhook:
     secret: {{ matrix_hookshot_gitlab_webhook_secret | to_json }}
-    publicUrl: {{ matrix_hookshot_gitlab_webhook_publicUrl | to_json }}
 {% endif %}
 {% if matrix_hookshot_figma_enabled %}
 figma:

roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
-matrix_mautrix_discord_version: v0.7.0
+matrix_mautrix_discord_version: v0.6.5
 
 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
@@ -45,7 +45,7 @@ matrix_mautrix_discord_container_extra_arguments: []
 
 # List of systemd services that matrix-mautrix-discord.service depends on.
 matrix_mautrix_discord_systemd_required_services_list: "{{ matrix_mautrix_discord_systemd_required_services_list_default + matrix_mautrix_discord_systemd_required_services_list_auto + matrix_mautrix_discord_systemd_required_services_list_custom }}"
-matrix_mautrix_discord_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_discord_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_discord_systemd_required_services_list_auto: []
 matrix_mautrix_discord_systemd_required_services_list_custom: []
 
@@ -100,9 +100,10 @@ matrix_mautrix_discord_appservice_database_uri: "{{
 	}[matrix_mautrix_discord_database_engine]
 }}"
 
-matrix_mautrix_discord_bridge_login_shared_secret_map: "{{ matrix_mautrix_discord_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_discord_bridge_login_shared_secret_map_custom) }}"
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
-matrix_mautrix_discord_bridge_login_shared_secret_map_auto: {}
+matrix_mautrix_discord_login_shared_secret: ''
-matrix_mautrix_discord_bridge_login_shared_secret_map_custom: {}
+matrix_mautrix_discord_bridge_login_shared_secret_map:
+  "{{ {matrix_mautrix_discord_homeserver_domain: matrix_mautrix_discord_login_shared_secret} if matrix_mautrix_discord_login_shared_secret else {} }}"
 
 # Servers to always allow double puppeting from
 matrix_mautrix_discord_bridge_double_puppet_server_map:

roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml

@@ -12,12 +12,3 @@
     - {'name': 'matrix_mautrix_discord_homeserver_public_address', when: true}
     - {'name': 'matrix_mautrix_discord_container_network', when: true}
     - {'name': 'matrix_mautrix_discord_database_hostname', when: "{{ matrix_mautrix_discord_database_engine == 'postgres' }}"}
-
-- name: (Deprecation) Catch and report renamed settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
-  when: "item.old in vars"
-  with_items:
-    - {'old': 'matrix_mautrix_discord_login_shared_secret', 'new': '<removed>'}

roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -80,7 +80,7 @@ matrix_mautrix_facebook_container_extra_arguments: []
 
 # List of systemd services that matrix-mautrix-facebook.service depends on.
 matrix_mautrix_facebook_systemd_required_services_list: "{{ matrix_mautrix_facebook_systemd_required_services_list_default + matrix_mautrix_facebook_systemd_required_services_list_auto + matrix_mautrix_facebook_systemd_required_services_list_custom }}"
-matrix_mautrix_facebook_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_facebook_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_facebook_systemd_required_services_list_auto: []
 matrix_mautrix_facebook_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.4.3
+matrix_mautrix_gmessages_version: v0.4.1
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@@ -67,7 +67,7 @@ matrix_mautrix_gmessages_container_extra_arguments: []
 
 # List of systemd services that matrix-mautrix-gmessages.service depends on.
 matrix_mautrix_gmessages_systemd_required_services_list: "{{ matrix_mautrix_gmessages_systemd_required_services_list_default + matrix_mautrix_gmessages_systemd_required_services_list_auto + matrix_mautrix_gmessages_systemd_required_services_list_custom }}"
-matrix_mautrix_gmessages_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_gmessages_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_gmessages_systemd_required_services_list_auto: []
 matrix_mautrix_gmessages_systemd_required_services_list_custom: []
 
@@ -132,7 +132,7 @@ matrix_mautrix_gmessages_appservice_database_uri: "{{
 	}[matrix_mautrix_gmessages_database_engine]
 }}"
 
-# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
 matrix_mautrix_gmessages_login_shared_secret: ''
 matrix_mautrix_gmessages_bridge_login_shared_secret_map:
   "{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"

roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/m
 matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/googlechat
-matrix_mautrix_googlechat_version: v0.5.2
+matrix_mautrix_googlechat_version: v0.5.1
 # See: https://mau.dev/mautrix/googlechat/container_registry
 matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
 matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
@@ -83,7 +83,7 @@ matrix_mautrix_googlechat_container_extra_arguments: []
 
 # List of systemd services that matrix-mautrix-googlechat.service depends on.
 matrix_mautrix_googlechat_systemd_required_services_list: "{{ matrix_mautrix_googlechat_systemd_required_services_list_default + matrix_mautrix_googlechat_systemd_required_services_list_auto + matrix_mautrix_googlechat_systemd_required_services_list_custom }}"
-matrix_mautrix_googlechat_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_googlechat_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_googlechat_systemd_required_services_list_auto: []
 matrix_mautrix_googlechat_systemd_required_services_list_custom: []
 
@@ -141,7 +141,7 @@ matrix_mautrix_googlechat_appservice_database: "{{
 }}"
 
 
-# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
 matrix_mautrix_googlechat_login_shared_secret: ''
 
 matrix_mautrix_googlechat_appservice_bot_username: googlechatbot

roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -89,7 +89,7 @@ matrix_mautrix_hangouts_container_extra_arguments: []
 
 # List of systemd services that matrix-mautrix-hangouts.service depends on.
 matrix_mautrix_hangouts_systemd_required_services_list: "{{ matrix_mautrix_hangouts_systemd_required_services_list_default + matrix_mautrix_hangouts_systemd_required_services_list_auto + matrix_mautrix_hangouts_systemd_required_services_list_custom }}"
-matrix_mautrix_hangouts_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_hangouts_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_hangouts_systemd_required_services_list_auto: []
 matrix_mautrix_hangouts_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml

@@ -72,7 +72,7 @@ matrix_mautrix_instagram_container_extra_arguments: []
 
 # List of systemd services that matrix-mautrix-instagram.service depends on.
 matrix_mautrix_instagram_systemd_required_services_list: "{{ matrix_mautrix_instagram_systemd_required_services_list_default + matrix_mautrix_instagram_systemd_required_services_list_auto + matrix_mautrix_instagram_systemd_required_services_list_custom }}"
-matrix_mautrix_instagram_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_instagram_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_instagram_systemd_required_services_list_auto: []
 matrix_mautrix_instagram_systemd_required_services_list_custom: []
 

roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.3.2
+matrix_mautrix_meta_instagram_version: v0.3.1
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@@ -69,7 +69,7 @@ matrix_mautrix_meta_instagram_container_extra_arguments: []
 
 # List of systemd services that the systemd service depends on.
 matrix_mautrix_meta_instagram_systemd_required_services_list: "{{ matrix_mautrix_meta_instagram_systemd_required_services_list_default + matrix_mautrix_meta_instagram_systemd_required_services_list_auto + matrix_mautrix_meta_instagram_systemd_required_services_list_custom }}"
-matrix_mautrix_meta_instagram_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_meta_instagram_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_meta_instagram_systemd_required_services_list_auto: []
 matrix_mautrix_meta_instagram_systemd_required_services_list_custom: []
 
@@ -214,9 +214,10 @@ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_ma
 matrix_mautrix_meta_instagram_bridge_encryption_appservice: false
 matrix_mautrix_meta_instagram_bridge_encryption_require: false
 
-matrix_mautrix_meta_instagram_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom) }}"
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
-matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto: {}
+matrix_mautrix_meta_instagram_bridge_login_shared_secret: ''
-matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom: {}
+
+matrix_mautrix_meta_instagram_bridge_login_shared_secret_map: "{{ {matrix_mautrix_meta_instagram_homeserver_domain: matrix_mautrix_meta_instagram_bridge_login_shared_secret} if matrix_mautrix_meta_instagram_bridge_login_shared_secret else {} }}"
 
 matrix_mautrix_meta_instagram_bridge_permissions: "{{ matrix_mautrix_meta_instagram_bridge_permissions_default | combine(matrix_mautrix_meta_instagram_bridge_permissions_custom) }}"
 

roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml

@@ -14,12 +14,3 @@
     - {'name': 'matrix_mautrix_meta_instagram_homeserver_address', when: true}
     - {'name': 'matrix_mautrix_meta_instagram_database_hostname', when: "{{ matrix_mautrix_meta_instagram_database_engine == 'postgres' }}"}
     - {'name': 'matrix_mautrix_meta_instagram_database_password', when: "{{ matrix_mautrix_meta_instagram_database_engine == 'postgres' }}"}
-
-- name: (Deprecation) Catch and report renamed settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
-  when: "item.old in vars"
-  with_items:
-    - {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret', 'new': '<removed>'}

roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml

@@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.3.2
+matrix_mautrix_meta_messenger_version: v0.3.1
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@@ -69,7 +69,7 @@ matrix_mautrix_meta_messenger_container_extra_arguments: []
 
 # List of systemd services that the systemd service depends on.
 matrix_mautrix_meta_messenger_systemd_required_services_list: "{{ matrix_mautrix_meta_messenger_systemd_required_services_list_default + matrix_mautrix_meta_messenger_systemd_required_services_list_auto + matrix_mautrix_meta_messenger_systemd_required_services_list_custom }}"
-matrix_mautrix_meta_messenger_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+matrix_mautrix_meta_messenger_systemd_required_services_list_default: ['docker.service']
 matrix_mautrix_meta_messenger_systemd_required_services_list_auto: []
 matrix_mautrix_meta_messenger_systemd_required_services_list_custom: []
 
@@ -214,9 +214,10 @@ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_ma
 matrix_mautrix_meta_messenger_bridge_encryption_appservice: false
 matrix_mautrix_meta_messenger_bridge_encryption_require: false
 
-matrix_mautrix_meta_messenger_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom) }}"
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
-matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto: {}
+matrix_mautrix_meta_messenger_bridge_login_shared_secret: ''
-matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom: {}
+
+matrix_mautrix_meta_messenger_bridge_login_shared_secret_map: "{{ {matrix_mautrix_meta_messenger_homeserver_domain: matrix_mautrix_meta_messenger_bridge_login_shared_secret} if matrix_mautrix_meta_messenger_bridge_login_shared_secret else {} }}"
 
 matrix_mautrix_meta_messenger_bridge_permissions: "{{ matrix_mautrix_meta_messenger_bridge_permissions_default | combine(matrix_mautrix_meta_messenger_bridge_permissions_custom) }}"